Subject: klist -- A KeyTab and TGT-cache list tool
Author: eLDAP
In response to: kinit -- A Kerberos client
Posted on: 03/12/2013 11:47:19 PM
klist allows the user to view entries in the local credentials cache and key tab.
Syntax
klist [-c [-fe]] [-k [-tK]] [<name>] [-help]
List entries in the credentials cache specified including credentials flag and address list:
klist -c -f FILE:C:\Users\test_user\krb5cc_test_user
Credentials cache: FILE:C:\Users\test_user\krb5cc_test_user
Default principal: test_user@TEST_REALM.COM, 1 entry found.
[1] Service Principal: krbtgt/TEST_REALM.COM@TEST_REALM.COM
Valid starting: May 04, 2012 16:17
Expires: May 05, 2012 02:17
Flags: INITIAL;PRE-AUTHENT
can also be used to list entries in the keytab:
klist -k -t -K FILE:C:\temp\test_user.keytab
>
> On 03/12/2013 11:43:45 PM
eLDAP wrote:
kinit is used to authenticate user to KDC and obtain and cache Kerberos Ticket-Granting Ticket(TGT).
Syntax
kinit [-fp] [-c <cache_name>] [-k] [-t <keytab_filename>] [<principal>] [<password>] [-help]
Examples:
Authenticate user test_user with <password>
C:\temp>kinit test_user@TEST_REALM.COM
Password for test_user@TEST_REALM.COM:<password>
New ticket is stored in cache file C:\Users\test_user\krb5cc_test_user
Authenticate user test_user with default keytab
C:\temp>kinit test_user@TEST_REALM.COM -k
New ticket is stored in cache file C:\Users\test_user\krb5cc_test_user
Authenticate user test_user with specified keytab
C:\temp>kinit test_user@TEST_REALM.COM -k -t FILE:C:\temp\test_user.keytab
New ticket is stored in cache file C:\Users\test_user\krb5cc_test_user
Note:
By default, on the Windows platform a cache file named <USER_HOME>\krb5cc_<USER_NAME> will be generated.
By default, for all Unix platforms a cache file named /tmp/krb5cc_<uid> is generated.
C:\Windows\krb5.ini needs to be configured properly for target KDC.
References:
