![]() | Documentation Contents |
kinit is used to obtain and cache Kerberos ticket-granting tickets. This tool is similar in functionality to the kinit tool that are commonly found in other Kerberos implementations, such as SEAM and MIT Reference implementations.
The user must be registered as a principal with the Key Distribution Center (KDC) prior to running kinit.
kinit [ commands ] <principal name> [<password>]
By default, on the Windows platform a cache file named
<USER_HOME>\krb5cc_<USER_NAME>will be generated.<uid>is the user identification number of the user logged into the system. By default, for all Unix platforms a cache file named/tmp/krb5cc_<uid>is generated.
<USER_HOME>is obtained from thejava.lang.Systempropertyuser.home.<USER_NAME>is obtained fromjava.lang.Systempropertyuser.name. If<USER_HOME>is null, the cache file would be stored in the current directory that the program is running from.<USER_NAME>is the operating system's login username. This username could be different than the user's principal name. For example on Windows NT, it could bec:\winnt\profiles\duke\krb5cc_duke, in whichdukeis the<USER_NAME>andc:\winnt\profiles\dukeis the<USER_HOME>.By default, the keytab name is retrieved from the Kerberos configuration file. If the keytab name is not specifed in the Kerberos configuration file, the name is assumed to be
<USER_HOME>\krb5.keytabIf you do not specify the password using the
passwordoption on the command line, kinit will prompt you for the password.Note:
passwordis provided only for testing purposes. Do not place your password in a script or provide your password on the command line. Doing so will compromise your password.For more information see the man pages for kinit.
Usage:
kinit [-fp] [-c <cache_name>] [-k] [-t <keytab_filename>] [<principal>] [<password>] [-help]
Command Option Description -fIssue a forwardable ticket. -pIssue a proxiable ticket. -c <cache_name>The cache name (i.e., FILE:d:\temp\mykrb5cc).-kUse keytab -t <keytab_filename>The keytab name (i.e, d:\winnt\profiles\duke\krb5.keytab).<principal>The principal name (i.e., duke@java.sun.com).<password>The principal's Kerberos password.
(DO NOT SPECIFY ON COMMAND LINE OR IN A SCRIPT.)-helpDisplays instructions.
Requesting credentials valid for authentication from the current client host, for the default services, storing the credentials cache in the default location (
c:\winnt\profiles\duke\krb5cc_duke):
kinit duke@JAVA.SUN.COMRequesting proxiable credentials for a different principal and storing these credentials in a specified file cache:
kinit -p -c FILE:c:\winnt\profiles\duke\credentials\krb5cc_cafebeef cafebeef@JAVA.SUN.COMRequesting proxiable and forwardable credentials for a different principal and storing these credentials in a specified file cache:
kinit -f -p -c FILE:c:\winnt\profiles\duke\credentials\krb5cc_cafebeef cafebeef@JAVA.SUN.COMDisplaying the help menu for kinit:
kinit -help
The
passwordflag is for testing purposes only. Do not specify your password on the command line. Doing so is a security hole since an attacker could discover your password while running the Unixpscommand, for example.
Copyright © 1993, 2010, Oracle and/or its affiliates. All rights reserved. Please send comments using this Feedback page. |
Java Technology |