User's Manual
Utilities for the Kerberos Authentication Adapter
6-12 Oracle Database Advanced Security Administrator's Guide
Displaying Credentials with the oklist Utility
Run the oklist utility to display the list of tickets held; available oklist options
are listed in Table 6–2:
The show flag option (-f) displays additional information, as shown in the
following example:
-l Specify the lifetime of the ticket-granting ticket and all
subsequent tickets. By default, the ticket-granting ticket is
good foreight (8) hours, butshorter or longer-livedcredentials
may be desired. Note that the KDC can ignore this option or
put site-configured limits on what can be specified. The
lifetime value is a string that consists of a number qualified by
w (weeks), d (days), h (hours), m (minutes), or s (seconds), as
in the following example:
okinit -l 2wld6h20m30s
The example requests a ticket-granting ticket that has a life
time of 2 weeks, 1 day, 6 hours, 20 minutes, and 30 seconds.
-c Specify an alternative credential cache. For UNIX, the default
is /tmp/krb5cc_uid. You can also specify the alternate
credential cache by using the SQLNET.KERBEROS5_CC_NAME
parameter in the sqlnet.ora file.
-? List command line options.
Table 6–2 Options for the oklist Utility
Option Description
-f Show flags with credentials. Relevant flags are I, credential is a
ticket-granting ticket, F, credential is forwardable, and f,
credential is forwarded.
-c Specify an alternative credential cache. In UNIX, the default is
/tmp/krb5cc_uid. Thealternate credentialcache can alsobe
specified by using the SQLNET.KERBEROS5_CC_NAME
parameter in the sqlnet.ora file.
-k List the entries in the service table (default /etc/v5srvtab)
on UNIX. The alternate service table can also be specified by
using the SQLNET.KERBEROS5_KEYTAB parameter in the
sqlnet.ora file.
Table 6–1 (Cont.) Options for the okinit Utility
Option Description