klist - list cached Kerberos tickets
klist [-e] [[-c] [-l] [-A] [-f] [-s] [-a [-n]]] [-C] [-k [-t] [-K]] [-V] [cache_name|keytab_name]
KLIST(1) MIT Kerberos KLIST(1)
NAME
klist - list cached Kerberos tickets
SYNOPSIS
klist [-e] [[-c] [-l] [-A] [-f] [-s] [-a [-n]]] [-C] [-k [-t] [-K]]
[-V] [cache_name|keytab_name]
DESCRIPTION
klist lists the Kerberos principal and Kerberos tickets held in a cre-
dentials cache, or the keys held in a keytab file.
OPTIONS
-e Displays the encryption types of the session key and the ticket
for each credential in the credential cache, or each key in the
keytab file.
-l If a cache collection is available, displays a table summarizing
the caches present in the collection.
-A If a cache collection is available, displays the contents of all
of the caches in the collection.
-c List tickets held in a credentials cache. This is the default if
neither -c nor -k is specified.
-f Shows the flags present in the credentials, using the following
abbreviations:
F Forwardable
f forwarded
P Proxiable
p proxy
D postDateable
d postdated
R Renewable
I Initial
i invalid
H Hardware authenticated
A preAuthenticated
T Transit policy checked
O Okay as delegate
a anonymous
-s Causes klist to run silently (produce no output). klist will
exit with status 1 if the credentials cache cannot be read or is
expired, and with status 0 otherwise.
-a Display list of addresses in credentials.
-n Show numeric addresses instead of reverse-resolving addresses.
-C List configuration data that has been stored in the credentials
cache when klist encounters it. By default, configuration data
is not listed.
-k List keys held in a keytab file.
-i In combination with -k, defaults to using the default client
keytab instead of the default acceptor keytab, if no name is
given.
-t Display the time entry timestamps for each keytab entry in the
keytab file.
-K Display the value of the encryption key in each keytab entry in
the keytab file.
-V Display the Kerberos version number and exit.
If cache_name or keytab_name is not specified, klist will display the
credentials in the default credentials cache or keytab file as appro-
priate. If the KRB5CCNAME environment variable is set, its value is
used to locate the default ticket cache.
ENVIRONMENT
klist uses the following environment variable:
KRB5CCNAME
Location of the default Kerberos 5 credentials (ticket) cache,
in the form type:residual. If no type prefix is present, the
FILE type is assumed. The type of the default cache may deter-
mine the availability of a cache collection; for instance, a
default cache of type DIR causes caches within the directory to
be present in the collection.
FILES
FILE:/tmp/volatile-user/%{uid}/krb5cc_%{uid}
Default location of Kerberos 5 credentials cache
FILE:/etc/krb5/krb5.keytab
Default location for the local host's keytab file.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+------------------------+
|Availability | security/kerberos-5 |
+---------------+------------------------+
|Stability | Pass-through committed |
+---------------+------------------------+
SEE ALSO
kinit(1), kdestroy(1)
AUTHOR
MIT
COPYRIGHT
1985-2018, MIT
NOTES
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from http://web.mit.edu/ker-
beros/dist/krb5/1.16/krb5-1.16.1.tar.gz
Further information about this software can be found on the open source
community website at http://web.mit.edu/kerberos/.
1.16.1 KLIST(1)