klist - list cached Kerberos tickets
klist [-e] [[-c] [-l] [-A] [-f] [-s] [-a [-n]]] [-C] [-k [-t] [-K]] [-V] [cache_name|keytab_name]
KLIST(1) MIT Kerberos KLIST(1) NAME klist - list cached Kerberos tickets SYNOPSIS klist [-e] [[-c] [-l] [-A] [-f] [-s] [-a [-n]]] [-C] [-k [-t] [-K]] [-V] [cache_name|keytab_name] DESCRIPTION klist lists the Kerberos principal and Kerberos tickets held in a cre- dentials cache, or the keys held in a keytab file. OPTIONS -e Displays the encryption types of the session key and the ticket for each credential in the credential cache, or each key in the keytab file. -l If a cache collection is available, displays a table summarizing the caches present in the collection. -A If a cache collection is available, displays the contents of all of the caches in the collection. -c List tickets held in a credentials cache. This is the default if neither -c nor -k is specified. -f Shows the flags present in the credentials, using the following abbreviations: F Forwardable f forwarded P Proxiable p proxy D postDateable d postdated R Renewable I Initial i invalid H Hardware authenticated A preAuthenticated T Transit policy checked O Okay as delegate a anonymous -s Causes klist to run silently (produce no output). klist will exit with status 1 if the credentials cache cannot be read or is expired, and with status 0 otherwise. -a Display list of addresses in credentials. -n Show numeric addresses instead of reverse-resolving addresses. -C List configuration data that has been stored in the credentials cache when klist encounters it. By default, configuration data is not listed. -k List keys held in a keytab file. -i In combination with -k, defaults to using the default client keytab instead of the default acceptor keytab, if no name is given. -t Display the time entry timestamps for each keytab entry in the keytab file. -K Display the value of the encryption key in each keytab entry in the keytab file. -V Display the Kerberos version number and exit. If cache_name or keytab_name is not specified, klist will display the credentials in the default credentials cache or keytab file as appro- priate. If the KRB5CCNAME environment variable is set, its value is used to locate the default ticket cache. ENVIRONMENT klist uses the following environment variable: KRB5CCNAME Location of the default Kerberos 5 credentials (ticket) cache, in the form type:residual. If no type prefix is present, the FILE type is assumed. The type of the default cache may deter- mine the availability of a cache collection; for instance, a default cache of type DIR causes caches within the directory to be present in the collection. FILES FILE:/tmp/volatile-user/%{uid}/krb5cc_%{uid} Default location of Kerberos 5 credentials cache FILE:/etc/krb5/krb5.keytab Default location for the local host's keytab file. ATTRIBUTES See attributes(7) for descriptions of the following attributes: +---------------+------------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+------------------------+ |Availability | security/kerberos-5 | +---------------+------------------------+ |Stability | Pass-through committed | +---------------+------------------------+ SEE ALSO kinit(1), kdestroy(1) AUTHOR MIT COPYRIGHT 1985-2018, MIT NOTES This software was built from source available at https://github.com/oracle/solaris-userland. The original community source was downloaded from http://web.mit.edu/ker- beros/dist/krb5/1.16/krb5-1.16.1.tar.gz Further information about this software can be found on the open source community website at http://web.mit.edu/kerberos/. 1.16.1 KLIST(1)