diff options
Diffstat (limited to 'crypto/krb5/doc/html/user/user_commands/kinit.html')
| -rw-r--r-- | crypto/krb5/doc/html/user/user_commands/kinit.html | 336 |
1 files changed, 0 insertions, 336 deletions
diff --git a/crypto/krb5/doc/html/user/user_commands/kinit.html b/crypto/krb5/doc/html/user/user_commands/kinit.html deleted file mode 100644 index f647f24ec0a6..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/kinit.html +++ /dev/null @@ -1,336 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>kinit — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="klist" href="klist.html" /> - <link rel="prev" title="kdestroy" href="kdestroy.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kdestroy.html" title="kdestroy" - accesskey="P">previous</a> | - <a href="klist.html" title="klist" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kinit">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kinit"> -<span id="kinit-1"></span><h1>kinit<a class="headerlink" href="#kinit" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>kinit</strong> -[<strong>-V</strong>] -[<strong>-l</strong> <em>lifetime</em>] -[<strong>-s</strong> <em>start_time</em>] -[<strong>-r</strong> <em>renewable_life</em>] -[<strong>-p</strong> | -<strong>P</strong>] -[<strong>-f</strong> | -<strong>F</strong>] -[<strong>-a</strong>] -[<strong>-A</strong>] -[<strong>-C</strong>] -[<strong>-E</strong>] -[<strong>-v</strong>] -[<strong>-R</strong>] -[<strong>-k</strong> [<strong>-i</strong> | -<strong>t</strong> <em>keytab_file</em>]] -[<strong>-c</strong> <em>cache_name</em>] -[<strong>-n</strong>] -[<strong>-S</strong> <em>service_name</em>] -[<strong>-I</strong> <em>input_ccache</em>] -[<strong>-T</strong> <em>armor_ccache</em>] -[<strong>-X</strong> <em>attribute</em>[=<em>value</em>]] -[<strong>–request-pac</strong> | <strong>–no-request-pac</strong>] -[<em>principal</em>]</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>kinit obtains and caches an initial ticket-granting ticket for -<em>principal</em>. If <em>principal</em> is absent, kinit chooses an appropriate -principal name based on existing credential cache contents or the -local username of the user invoking kinit. Some options modify the -choice of principal name.</p> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl> -<dt><strong>-V</strong></dt><dd><p>display verbose output.</p> -</dd> -<dt><strong>-l</strong> <em>lifetime</em></dt><dd><p>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Requests a ticket with the lifetime -<em>lifetime</em>.</p> -<p>For example, <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-l</span> <span class="pre">5:30</span></code> or <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-l</span> <span class="pre">5h30m</span></code>.</p> -<p>If the <strong>-l</strong> option is not specified, the default ticket lifetime -(configured by each site) is used. Specifying a ticket lifetime -longer than the maximum ticket lifetime (configured by each site) -will not override the configured maximum ticket lifetime.</p> -</dd> -<dt><strong>-s</strong> <em>start_time</em></dt><dd><p>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Requests a postdated ticket. Postdated -tickets are issued with the <strong>invalid</strong> flag set, and need to be -resubmitted to the KDC for validation before use.</p> -<p><em>start_time</em> specifies the duration of the delay before the ticket -can become valid.</p> -</dd> -<dt><strong>-r</strong> <em>renewable_life</em></dt><dd><p>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Requests renewable tickets, with a total -lifetime of <em>renewable_life</em>.</p> -</dd> -<dt><strong>-f</strong></dt><dd><p>requests forwardable tickets.</p> -</dd> -<dt><strong>-F</strong></dt><dd><p>requests non-forwardable tickets.</p> -</dd> -<dt><strong>-p</strong></dt><dd><p>requests proxiable tickets.</p> -</dd> -<dt><strong>-P</strong></dt><dd><p>requests non-proxiable tickets.</p> -</dd> -<dt><strong>-a</strong></dt><dd><p>requests tickets restricted to the host’s local address[es].</p> -</dd> -<dt><strong>-A</strong></dt><dd><p>requests tickets not restricted by address.</p> -</dd> -<dt><strong>-C</strong></dt><dd><p>requests canonicalization of the principal name, and allows the -KDC to reply with a different client principal from the one -requested.</p> -</dd> -<dt><strong>-E</strong></dt><dd><p>treats the principal name as an enterprise name.</p> -</dd> -<dt><strong>-v</strong></dt><dd><p>requests that the ticket-granting ticket in the cache (with the -<strong>invalid</strong> flag set) be passed to the KDC for validation. If the -ticket is within its requested time range, the cache is replaced -with the validated ticket.</p> -</dd> -<dt><strong>-R</strong></dt><dd><p>requests renewal of the ticket-granting ticket. Note that an -expired ticket cannot be renewed, even if the ticket is still -within its renewable life.</p> -<p>Note that renewable tickets that have expired as reported by -<a class="reference internal" href="klist.html#klist-1"><span class="std std-ref">klist</span></a> may sometimes be renewed using this option, -because the KDC applies a grace period to account for client-KDC -clock skew. See <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a> <strong>clockskew</strong> setting.</p> -</dd> -<dt><strong>-k</strong> [<strong>-i</strong> | <strong>-t</strong> <em>keytab_file</em>]</dt><dd><p>requests a ticket, obtained from a key in the local host’s keytab. -The location of the keytab may be specified with the <strong>-t</strong> -<em>keytab_file</em> option, or with the <strong>-i</strong> option to specify the use -of the default client keytab; otherwise the default keytab will be -used. By default, a host ticket for the local host is requested, -but any principal may be specified. On a KDC, the special keytab -location <code class="docutils literal notranslate"><span class="pre">KDB:</span></code> can be used to indicate that kinit should open -the KDC database and look up the key directly. This permits an -administrator to obtain tickets as any principal that supports -authentication based on the key.</p> -</dd> -<dt><strong>-n</strong></dt><dd><p>Requests anonymous processing. Two types of anonymous principals -are supported.</p> -<p>For fully anonymous Kerberos, configure pkinit on the KDC and -configure <strong>pkinit_anchors</strong> in the client’s <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>. -Then use the <strong>-n</strong> option with a principal of the form <code class="docutils literal notranslate"><span class="pre">@REALM</span></code> -(an empty principal name followed by the at-sign and a realm -name). If permitted by the KDC, an anonymous ticket will be -returned.</p> -<p>A second form of anonymous tickets is supported; these -realm-exposed tickets hide the identity of the client but not the -client’s realm. For this mode, use <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-n</span></code> with a normal -principal name. If supported by the KDC, the principal (but not -realm) will be replaced by the anonymous principal.</p> -<p>As of release 1.8, the MIT Kerberos KDC only supports fully -anonymous operation.</p> -</dd> -</dl> -<p><strong>-I</strong> <em>input_ccache</em></p> -<blockquote> -<div><p>Specifies the name of a credentials cache that already contains a -ticket. When obtaining that ticket, if information about how that -ticket was obtained was also stored to the cache, that information -will be used to affect how new credentials are obtained, including -preselecting the same methods of authenticating to the KDC.</p> -</div></blockquote> -<dl> -<dt><strong>-T</strong> <em>armor_ccache</em></dt><dd><p>Specifies the name of a credentials cache that already contains a -ticket. If supported by the KDC, this cache will be used to armor -the request, preventing offline dictionary attacks and allowing -the use of additional preauthentication mechanisms. Armoring also -makes sure that the response from the KDC is not modified in -transit.</p> -</dd> -<dt><strong>-c</strong> <em>cache_name</em></dt><dd><p>use <em>cache_name</em> as the Kerberos 5 credentials (ticket) cache -location. If this option is not used, the default cache location -is used.</p> -<p>The default cache location may vary between systems. If the -<strong>KRB5CCNAME</strong> environment variable is set, its value is used to -locate the default cache. If a principal name is specified and -the type of the default cache supports a collection (such as the -DIR type), an existing cache containing credentials for the -principal is selected or a new one is created and becomes the new -primary cache. Otherwise, any existing contents of the default -cache are destroyed by kinit.</p> -</dd> -<dt><strong>-S</strong> <em>service_name</em></dt><dd><p>specify an alternate service name to use when getting initial -tickets.</p> -</dd> -<dt><strong>-X</strong> <em>attribute</em>[=<em>value</em>]</dt><dd><p>specify a pre-authentication <em>attribute</em> and <em>value</em> to be -interpreted by pre-authentication modules. The acceptable -attribute and value values vary from module to module. This -option may be specified multiple times to specify multiple -attributes. If no value is specified, it is assumed to be “yes”.</p> -<p>The following attributes are recognized by the PKINIT -pre-authentication mechanism:</p> -<dl class="simple"> -<dt><strong>X509_user_identity</strong>=<em>value</em></dt><dd><p>specify where to find user’s X509 identity information</p> -</dd> -<dt><strong>X509_anchors</strong>=<em>value</em></dt><dd><p>specify where to find trusted X509 anchor information</p> -</dd> -<dt><strong>disable_freshness</strong>[<strong>=yes</strong>]</dt><dd><p>disable sending freshness tokens (for testing purposes only)</p> -</dd> -</dl> -</dd> -<dt><strong>–request-pac</strong> | <strong>–no-request-pac</strong></dt><dd><p>mutually exclusive. If <strong>–request-pac</strong> is set, ask the KDC to -include a PAC in authdata; if <strong>–no-request-pac</strong> is set, ask the -KDC not to include a PAC; if neither are set, the KDC will follow -its default, which is typically is to include a PAC if doing so is -supported.</p> -</dd> -</dl> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFCCNAME</span></a></dt><dd><p>default location of Kerberos 5 credentials cache</p> -</dd> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFKTNAME</span></a></dt><dd><p>default location for the local host’s keytab.</p> -</dd> -</dl> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="klist.html#klist-1"><span class="std std-ref">klist</span></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a>, <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kinit</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kdestroy.html" title="kdestroy" - >previous</a> | - <a href="klist.html" title="klist" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kinit">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file |