doc/rst_source/krb_users/user_commands/klist.rst


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

klist - list cached Kerberos tickets
======================================


SYNOPSIS
~~~~~~~~

**klist**
      [**-e**] 
      [[**-c**] [**-l**] [**-A**] [**-f**] [**-s**] [**-a** [**-n**]]]
      [**-k**  [**-t**]  [**-K**]]
      [**-V**]
      [*cache_name* | *keytab_name*]


DESCRIPTION
~~~~~~~~~~~~

*klist* lists the Kerberos principal and Kerberos tickets held in a credentials cache, or the keys held in a *keytab* file.


OPTIONS
~~~~~~~~

     **-e**
          Displays the encryption types of the session key and the ticket for each credential in the credential cache,
          or each key in the keytab file.

     **-l**
          If a cache collection is available, displays a table
          summarizing the caches present in the collection.

     **-A**
          If a cache collection is available, displays the contents of
          all of the caches in the collection.

     **-c**
          List tickets held in a credentials cache. This is the default if neither *-c* nor *-k* is specified.

     **-f**
          Shows the flags present in the credentials, using the following abbreviations::

               F    Forwardable
               f    forwarded
               P    Proxiable
               p    proxy
               D    postDateable
               d    postdated
               R    Renewable
               I    Initial
               i    invalid
               H    Hardware authenticated
               A    preAuthenticated
               T    Transit policy checked
               O    Okay as delegate
               a    anonymous

     **-s**   
          Causes *klist* to run silently (produce no output), but to still set the exit status according to whether it
          finds the credentials cache. The exit status is '0' if *klist* finds a credentials cache, and '1' if it does not
          or if the tickets are expired.

     **-a**
          Display list of addresses in credentials.

     **-n**
          Show numeric addresses instead of reverse-resolving addresses.

     **-k**
          List keys held in a keytab file.

     **-t**
          Display the time entry timestamps for each keytab entry in the keytab file.

     **-K**
          Display the value of the encryption key in each *keytab* entry in the *keytab* file.

     **-V**
          Display the Kerberos version number and exit.

     If **cache_name** or **keytab_name** is not specified, *klist* will display the credentials in the default credentials cache or
     *keytab* file as appropriate. If the *KRB5CCNAME* environment variable is set, its value is used to name the default ticket cache.


ENVIRONMENT
~~~~~~~~~~~~~

*klist* uses the following environment variables:

     **KRB5CCNAME**
          Location of the default Kerberos 5 credentials (ticket)
          cache, in the form *type*:*residual*.  If no type prefix is
          present, the **FILE** type is assumed.  The type of the
          default cache may determine the availability of a cache
          collection; for instance, a default cache of type **DIR**
          causes caches within the directory to be present in the
          collection.


FILES
~~~~~~~~~

/tmp/krb5cc_[uid] - Default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user).

/etc/krb5.keytab - Default location for the local host's keytab file.


SEE ALSO
~~~~~~~~~

kinit(1), kdestroy(1), krb5(3)