diff options
Diffstat (limited to 'src/clients')
| -rw-r--r-- | src/clients/kinit/kinit.M | 171 |
1 files changed, 99 insertions, 72 deletions
diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index 3108a0aad..b35dd67da 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -17,96 +17,123 @@ .\" permission. M.I.T. makes no representations about the suitability of .\" this software for any purpose. It is provided "as is" without express .\" or implied warranty. -.\" -.\" -.TH KINIT 1 "Kerberos Version 5.0" "MIT Project Athena" +.\" " +.so man1/header.doc +.TH KINIT 1 \*h .SH NAME kinit \- obtain and cache Kerberos ticket-granting ticket .SH SYNOPSIS +.TP .B kinit -[ -.B \-l -.I lifetime -] [ -.B \-s -.I starttime -] [ -.B \-v -] [ -.B \-p -] [ -.B \-f -] [ -.B \-r -.I rlife -] [ -.B \-R -] [ -.B \-c -.I cachename -] -.I principal +.ad l +[\fB\-l\fP \fIlifetime\fP] [\fB\-s\fP \fIstart_time\fP] [\fB\-v\fP] +[\fB\-p\fP] [\fB\-f\fP] [\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]] +[\fB\-r\fP \fIrenewable_life\fP] [\fB\-R\fP] [\fB\-c\fP +\fIcache_name\fP] [\fB\-S\fP \fIservice_name\fP] [\fIprincipal\fP] +.ad b .br .SH DESCRIPTION .I kinit obtains and caches an initial ticket-granting ticket for .IR principal . -The +.SH OPTIONS +.TP +\fB\-l\fP \fIlifetime\fP +requests a ticket with the lifetime +.IR lifetime . +The value for +.I lifetime +must be followed immediately by one of the following delimiters: +.sp +.nf +.in +.3i +\fBs\fP seconds +\fBm\fP minutes +\fBh\fP hours +\fBd\fP days +.in -.3i +.fi +.sp +as in "kinit -l 90m". You cannot mix units; a value of `3h30m' will +result in an error. +.sp +If the .B \-l -option specifies the lifetime to be requested for the ticket; -if this option is not specified, the default ticket lifetime (configured -by each site) is used instead. -.PP -The -.B \-s -option specifies the start time, and causes you to get a postdated ticket. -Postdated tickets are issued with the +option is not specified, the default ticket lifetime (configured by each +site) is used. Specifying a ticket lifetime longer than the maximum +ticket lifetime (configured by each site) results in a ticket with the +maximum lifetime. +.TP +\fB\-s\fP \fIstart_time\fP +requests a postdated ticket, valid starting at +.IR start_time . +Postdated tickets are issued with the .I invalid -flag set, and needs to be fed back to the kdc before use. This may be -accomplished by using the +flag set, and need to be fed back to the kdc before use. +.TP .B \-v -option. -.PP -The -.B \-p -option specifies that the PROXIABLE option should be requested for the +requests that the ticket granting ticket in the cache (with the +.I invalid +flag set) be passed to the kdc for validation. If the ticket is within +its requested time range, the cache is replaced with the validated ticket. -.PP -The +.TP +.B \-p +request proxiable tickets. +.TP .B \-f -option specifies that the FORWARDABLE option should be requested for the -ticket. -.PP -The -.B \-r -.I rlife -option specifies that the RENEWABLE option should be requested for the -ticket, and specifies the desired total lifetime of the ticket. To renew -the ticket, the +request forwardable tickets. +.TP +\fB\-r\fP \fIrenewable_life\fP +requests renewable tickets, with a total lifetime of +.IR renewable_life . +The duration is in the same format as the +.B \-l +option, with the same delimiters. +.TP .B \-R -option is used. Note that you must renew the ticket before it has -expired. -.PP -The -.B \-c -option can be used to specify an alternate credentials cache; if this -option is not used, the default cache is used. Any contents of the -cache are destroyed by -.IR kinit . -.PP -The -.B \-s -option can be used to specify an alternate service name to use when -getting initial tickets. -.PP -The default credentials cache may vary between systems; however, if the +requests renewal of the ticket-granting ticket. Note that an expired +ticket cannot be renewed, even if the ticket is still within its +renewable life. +.TP +\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP] +requests a host ticket, obtained from a key in the local host's +.I keytab +file. The name and location of the keytab file may be specified with +the +.B \-t +.I keytab_file +option; otherwise the default name and location will be used. +.TP +\fB\-c\fP \fIcache_name\fP +use +.I cache_name +as the credentials (ticket) cache name and location; if this option is +not used, the default cache name and location are used. +.sp +The default credentials cache may vary between systems. If the .B KRB5CCNAME environment variable is set, its value is used to name the default -ticket cache. +ticket cache. Any existing contents of the cache are destroyed by +.IR kinit . +.TP +\fB\-S\fP \fIservice_name\fP +specify an alternate service name to use when +getting initial tickets. +.SH ENVIRONMENT +.B Kinit +uses the following environment variable: +.TP "\w'.SM KRB5CCNAME\ \ 'u" +.SM KRB5CCNAME +Location of the credentials (ticket) cache. .SH FILES -.TP 2i +.TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] -as the normal default credentials cache ([uid] is the decimal UID of the user). +default credentials cache ([uid] is the decimal UID of the user). +.TP +/etc/v5srvtab +default location for the local host's +.B keytab +file. .SH SEE ALSO klist(1), kdestroy(1), krb5(3) -.SH BUGS |