man
1 kinit
kinit(1) General Commands Manual kinit(1)
NAME
kinit - kinit is used to obtain and cache Kerberos ticket-granting
tickets. This tool is similar in functionality to the kinit tool that
are commonly found in other Kerberos implementations, such as SEAM and
MIT Reference implementations.
The use must be registered as a principal with the Key Distribution
Center (KDC) prior to running kinit.
SYNOPSIS
kinit [ commands ] <principal name>
DESCRIPTION
By default, for all Unix platforms a cache file named /tmp/krb5cc_<uid>
will be generated. <uid> is the user identification number of the
user logged into the system. For all other platforms, a cache file
named <USER_HOME>/krb5cc_<USER_NAME> would be generated.
<USER_HOME> is obtained from the java.lang.System property user.home.
<USER_NAME> is obtained from java.lang.System property user.name. If
<USER_HOME> is null, the cache file would be stored in the current di-
rectory that the program is running from. <USER_NAME> is the operating
system's login username. This username could be different than the
user's principal name. For example on Solaris, it could be
/home/duke/krb5cc_duke, in which duke is the <USER_NAME> and
/home/duke is the <USER_HOME>.
By default, the keytab name is retrieved from the Kerberos configura-
tion file. If the keytab name is not specifed in the Kerberos configu-
ration file, the name is assumed to be <USER_HOME>/krb5.keytab
If you do not specify the password using the password option on the
command line, kinit will prompt you for the password.
Note: password is provided only for testing purposes. Do not place your
password in a script or provide your password on the command line. Do-
ing so will compromise your password.
For more information see the man pages for kinit.
COMMANDS
kinit -fp [ -c <cache_name> ] [ -k ] [ -t <keytab_filename> ] [ <prin-
cipal> ] [ <password> ] [ -help ]
-f Issue a forwardable ticket.
-p Issue a proxiable ticket.
-c <cache_name> The cache name (i.e., FILE:/temp/mykrb5cc).
-k Use keytab
-t <keytab_filename> The keytab name (i.e.,
/home/duke/krb5.keytab).
<principal>
The principal name (i.e., duke@java.sun.com).
<password>
The principal's Kerberos password. (DO NOT SPECIFY ON COMMAND
LINE OR IN A SCRIPT.)
-help Display instructions.
EXAMPLES
Requesting credentials valid for authentication from the current client
host, for the default services, storing the credentials cache in the
default location (/home/duke/krb5cc_duke):
kinit duke@JAVA.SUN.COM
Requesting proxiable credentials for a different principal and storing
these credentials in a specified file cache:
kinit -p -c FILE:/home/duke/credentials/krb5cc_cafebeef
cafebeef@JAVA.SUN.COM
Requesting proxiable and forwardable credentials for a different prin-
cipal and storing these credentials in a specified file cache:
kinit -f -p -c
FILE:/home/duke/credentials/krb5cc_cafebeef
cafebeef@JAVA.SUN.COM
Displaying the help menu for kinit:
kinit -help
SECURITY ALERT
The password flag is for testing purposes only. Do not specify your
password on the command line. Doing so is a security hole since an at-
tacker could discover your password while running the Unix ps command,
for example.
18 June 2002 kinit(1)