1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
<HTML>
<BODY>
<PRE>
<!-- Manpage converted by man2html 3.0.1 -->
</PRE>
<H2>NAME</H2><PRE>
klist - list cached Kerberos tickets
</PRE>
<H2>SYNOPSIS</H2><PRE>
<B>klist</B> [<B>-5</B>] [<B>-4</B>] [<B>-e</B>] [[<B>-c</B>] [<B>-f</B>] [<B>-s</B>] [<B>-a</B> [<B>-n</B>]]] [<B>-k</B> [<B>-t</B>]
[<B>-K</B>]] [<I>cache</I>_<I>name</I> | <I>keytab</I>_<I>name</I>]
</PRE>
<H2>DESCRIPTION</H2><PRE>
<I>Klist</I> lists the Kerberos principal and Kerberos tickets held
in a credentials cache, or the keys held in a <B>keytab</B> file.
If klist was built with Kerberos 4 support, the default
behavior is to list both Kerberos 5 and Kerberos 4 creden-
tials. Otherwise, klist will default to listing only Ker-
beros 5 credentials.
</PRE>
<H2>OPTIONS</H2><PRE>
-<B>5</B> list Kerberos 5 credentials. This overrides whatever
the default built-in behavior may be. This option may
be used with -<B>4</B>
-<B>4</B> list Kerberos 4 credentials. This overrides whatever
the default built-in behavior may be. This option is
only available if kinit was built with Kerberos 4 com-
patibility. This option may be used with -<B>5</B>
-<B>e</B> displays the encryption types of the session key and
the ticket for each credential in the credential cache,
or each key in the keytab file.
-<B>c</B> List tickets held in a credentials cache. This is the
default if neither -<B>c</B> nor -<B>k</B> is specified.
-<B>f</B> shows the flags present in the credentials, using the
following abbreviations:
F <B>F</B>orwardable
f <B>f</B>orwarded
P <B>P</B>roxiable
p <B>p</B>roxy
D post<B>D</B>ateable
d post<B>d</B>ated
R <B>R</B>enewable
I <B>I</B>nitial
i <B>i</B>nvalid
H <B>H</B>ardware authenticated
A pre<B>A</B>uthenticated
T <B>T</B>ransit policy checked
O <B>O</B>kay as delegate
a <B>a</B>nonymous
-<B>s</B> causes <B>klist</B> to run silently (produce no output), but
to still set the exit status according to whether it
finds the credentials cache. The exit status is `0' if
<B>klist</B> finds a credentials cache, and `1' if it does not
or if the tickets are
expired.
-<B>a</B> display list of addresses in credentials.
-<B>n</B> show numeric addresses instead of reverse-resolving
addresses.
<B>-k</B> List keys held in a <B>keytab</B> file.
-<B>t</B> display the time entry timestamps for each keytab entry
in the keytab file.
-<B>K</B> display the value of the encryption key in each keytab
entry in the keytab file.
If <I>cache</I>_<I>name</I> or <I>keytab</I>_<I>name</I> is not specified, klist will
display the credentials in the default credentials cache or
keytab file as appropriate. If the <B>KRB5CCNAME</B> environment
variable is set, its value is used to name the default
ticket cache.
</PRE>
<H2>ENVIRONMENT</H2><PRE>
<B>Klist</B> uses the following environment variables:
KRB5CCNAME Location of the Kerberos 5 credentials
(ticket) cache.
KRBTKFILE Filename of the Kerberos 4 credentials
(ticket) cache.
</PRE>
<H2>FILES</H2><PRE>
/tmp/krb5cc_[uid] default location of Kerberos 5 creden-
tials cache ([uid] is the decimal UID of
the user).
/tmp/tkt[uid] default location of Kerberos 4 credentials
cache ([uid] is the decimal UID of the user).
/etc/krb5.keytab
default location for the local host's <B>keytab</B>
file.
</PRE>
<H2>SEE ALSO</H2><PRE>
<B>kinit(1)</B>, <B>kdestroy(1)</B>, <B>krb5(3)</B>
</PRE>
<HR>
<ADDRESS>
Man(1) output converted with
<a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a>
</ADDRESS>
</BODY>
</HTML>
|
