diff options
author | Sam Hartman <hartmans@mit.edu> | 2010-01-04 19:59:25 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2010-01-04 19:59:25 +0000 |
commit | 5cc1fcb345d57e7ac9203ab1d92a0a509de9193f (patch) | |
tree | 2fc6edfec2b5af75821acaad73027475e3ebc39f /src/clients/kinit | |
parent | 4c2630eb315e962261c4f02e629c18e288c69060 (diff) | |
download | krb5-5cc1fcb345d57e7ac9203ab1d92a0a509de9193f.tar.gz krb5-5cc1fcb345d57e7ac9203ab1d92a0a509de9193f.tar.xz krb5-5cc1fcb345d57e7ac9203ab1d92a0a509de9193f.zip |
Anonymous documentation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23583 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients/kinit')
-rw-r--r-- | src/clients/kinit/kinit.M | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index f50ca3ac31..1d434c0fbd 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -39,6 +39,7 @@ kinit \- obtain and cache Kerberos ticket-granting ticket [\fB\-E\fP] [\fB\-v\fP] [\fB\-R\fP] [\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]] [\fB\-c\fP \fIcache_name\fP] +[\fB\-n\fP] [\fB\-S\fP \fIservice_name\fP][\fB\-T\fP \fIarmor_ccache\fP] [\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]] [\fIprincipal\fP] @@ -138,6 +139,26 @@ the .I keytab_file option; otherwise the default name and location will be used. .TP +\fB-n\fP +Requests anonymous processing. Two types of anonymous principals are +supported. For fully anonymous Kerberos, configure pkinit on the KDC +and configure +.I pkinit_anchors +in the client's krb5.conf. Then use the +.B -n +option with a principal of the form +.I @REALM +(an empty principal name followed by the at-sign and a realm name). +If permitted by the KDC, an anonymous ticket will be returned. +A second form of anonymous tickets is supported; these realm-exposed +tickets hide the identity of the client but not the client's realm. +For this mode, use +.B kinit -n +with a normal principal name. If supported by the KDC, the principal +(but not realm) will be replaced by the anonymous principal. +As of release 1.8, the MIT Kerberos KDC only supports fully anonymous +operation. +.TP \fB\-T\fP \fIarmor_ccache\fP Specifies the name of a credential cache that already contains a ticket. If supported by the KDC, This ccache will be used to armor |