Creating a Kerberos Ticket

Normally, if PAM is configured properly, a ticket is created automatically when you log in, and you need not do anything special to obtain a ticket. However, you might need to create a ticket if your ticket expires. Also, you might need to use a different principal besides your default principal, for example, if you use rlogin -l to log in to a machine as someone else.

To create a ticket, use the kinit command.

% /usr/bin/kinit
 

The kinit command prompts you for your password. For the full syntax of the kinit command, see the kinit(1) man page.

Example 26–1 Creating a Kerberos Ticket

This example shows a user, jennifer, creating a ticket on her own system.

% kinit
Password for jennifer@ENG.EXAMPLE.COM:  <Type password>
 

Here, the user david creates a ticket that is valid for three hours with the -l option.

% kinit -l 3h david@EXAMPLE.ORG
Password for david@EXAMPLE.ORG:  <Type password>
 

This example shows the user david creating a forwardable ticket (with the -f option) for himself. With this forwardable ticket, he can, for example, log in to a second system, and then telnet to a third system.

% kinit -f david@EXAMPLE.ORG
Password for david@EXAMPLE.ORG:     <Type password>
 

For more information on how forwarding tickets works, see Forwarding Kerberos Tickets and Types of Tickets.