HP-UX Reference (11i v1 05/09) - 1 User Commands A-M (vol 1)
k
kinit(1) kinit(1)
NAME
kinit - obtain and cache the Kerberos ticket-granting ticket
SYNOPSIS
kinit [-l life_time][-s start_time][
-v][-p][-f][-k [-t keytab_filename]] [
-r renewable_life]
[
-R][-c cache_filename][
-S service-name][principal]
DESCRIPTION
kinit obtains and caches an initial ticket-granting ticket for the principal.
Options
-l life_time Requests a ticket with the lifetime value defined in life_time. The value for life_time
must be followed immediately by one of the following delimiters:
s seconds
m minutes
h hours
d days
For example, as in kinit -l 90m for 90 minutes. You cannot mix units; a value of
3h30m will result in an error.
If the -l option is not specified, the default ticket lifetime (configured by each site) is
used. Specifying a ticket lifetime longer than the maximum ticket lifetime (configured
by each site) results in a ticket with the maximum lifetime.
-s start_time Requests a postdated ticket, valid starting at start_time. The format for start_time is
the same as the
-l option, one of the following: seconds, minutes, hours, or days.
Postdated tickets are issued with the invalid flag set, and need to be fed back to the
Kerberos KDC (Key Distribution Center) before use.
-v Requests that the ticket granting ticket in the cache (with the invalid flag set) be
passed to the KDC for validation. If the ticket is within its requested time range, the
cache is replaced with the validated ticket.
-p Requests proxiable tickets.
-f Requests forwardable tickets.
-r renewable_life Requests renewable tickets, with a total lifetime of renewable_life. The format for
renewable_life is the same as the
-l option, one of the following: seconds, minutes,
hours, or days.
-R Requests renewal of the ticket-granting ticket. Note that an expired ticket cannot be
renewed, even if the ticket is still within its renewable life.
-k [-t keytab_filename]
Requests a host ticket, obtained from a key in the local host’s keytab file. The name
and location of the keytab file may be specified with the
-t
keytab_filename option;
otherwise the default name and location will be used.
-c cache_filename Uses cache_filename as the credentials ticket cache name and location. If this option is
not used, the default cache name and location are used.
The default credentials cache may vary between systems. If the KRB5CCNAME
environment variable is set, its value is used to name the default ticket cache. Any
existing contents of the cache are destroyed by kinit.
-S service_name Specifies an alternate service name to use when getting initial tickets.
principal Uses the principal name from an existing cache if there is one.
Note
For DCE operations use /opt/dce/bin/kinit.
Environment
kinit uses the following environment variable:
KRB5CCNAME Location of the credentials ticket cache.
Section 1−−406 Hewlett-Packard Company − 1 − HP-UX 11i Version 1: September 2005