diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-07-16 10:13:29 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-07-16 10:24:17 -0400 |
| commit | 194e0433f07e244aab59edcb22ea0c6e359f9f0d (patch) | |
| tree | e8c550ea4ee37b439de81b94e5541771a9f28a95 /doc | |
| parent | 6931507c87d6139b1dcea2ea97a6e3b145287438 (diff) | |
Add kinit/klist -i options to use client keytab
In combination with -k, -i will cause kinit or klist to use the
default client keytab instead of the default acceptor keytab. This
gives an easy way to figure out what default client keytab name is in
use and to get credentials using it.
ticket: 7216 (new)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/rst_source/krb_users/user_commands/kinit.rst | 13 | ||||
| -rw-r--r-- | doc/rst_source/krb_users/user_commands/klist.rst | 5 |
2 files changed, 12 insertions, 6 deletions
diff --git a/doc/rst_source/krb_users/user_commands/kinit.rst b/doc/rst_source/krb_users/user_commands/kinit.rst index 6143c95e4..783bd7769 100644 --- a/doc/rst_source/krb_users/user_commands/kinit.rst +++ b/doc/rst_source/krb_users/user_commands/kinit.rst @@ -118,14 +118,15 @@ OPTIONS expired ticket cannot be renewed, even if the ticket is still within its renewable life. -**-k** [**-t** *keytab_file*] +**-k** [**-i** | **-t** *keytab_file*] requests a ticket, obtained from a key in the local host's keytab. The location of the keytab may be specified with the **-t** - *keytab_file* option; otherwise the default keytab will be used. - By default, a host ticket for the local host is requested, but any - principal may be specified. On a KDC, the special keytab location - ``KDB:`` can be used to indicate that kinit should open the KDC - database and look up the key directly. This permits an + *keytab_file* option, or with the **-i** option to specify the use + of the default client keytab; otherwise the default keytab will be + used. By default, a host ticket for the local host is requested, + but any principal may be specified. On a KDC, the special keytab + location ``KDB:`` can be used to indicate that kinit should open + the KDC database and look up the key directly. This permits an administrator to obtain tickets as any principal that supports authentication based on the key. diff --git a/doc/rst_source/krb_users/user_commands/klist.rst b/doc/rst_source/krb_users/user_commands/klist.rst index 5a9a076f4..0b867a867 100644 --- a/doc/rst_source/krb_users/user_commands/klist.rst +++ b/doc/rst_source/krb_users/user_commands/klist.rst @@ -77,6 +77,11 @@ OPTIONS **-k** List keys held in a keytab file. +**-i** + In combination with **-k**, defaults to using the default client + keytab instead of the default acceptor keytab, if no name is + given. + **-t** Display the time entry timestamps for each keytab entry in the keytab file. |