You use the
kinit tool and its options to obtain and cache Kerberos ticket-granting tickets.
This tool is similar in functionality to the
kinit tool that is commonly found in other Kerberos implementations, such as SEAM and MIT Reference implementations. The user must be registered as a principal with the Key Distribution Center (KDC) prior to running
Initial ticket request:
kinit [-A] [-f] [-p] [-c cache_name] [-l lifetime] [-r renewable_time] [[-k [-t keytab_file_name]] [principal] [password]
Renew a ticket:
kinit -R [-c cachename] [principal]
By default, on Windows, a cache file named
USER_HOME\krb5cc_USER_NAME is generated.
USER_HOME is obtained from the
USER_NAME is obtained from the
USER_HOME is null, the cache file is stored in the current directory from which the program is running.
USER_NAME is the operating system's login user name. This user name could be different than the user's principal name. For example, on Windows, the cache file could be
C:\Windows\Users\duke\krb5cc_duke, in which
duke is the
C:\Windows\Users\duke is the
By default, the keytab name is retrieved from the Kerberos configuration file. If the keytab name isn’t specified in the Kerberos configuration file, the kinit tool assumes that the name is
If you don’t specify the password using the
password option on the command line, the
kinit tool prompts you for the password.
password option is provided only for testing purposes. Don’t specify your password in a script or provide your password on the command line. Doing so will compromise your password.
You can specify one of the following commands. After the command, specify the options for it.
Doesn’t include addresses.
Issues a forwardable ticket.
Issues a proxiable ticket.
The cache name (for example,
Sets the lifetime of a ticket.
Sets the total lifetime that a ticket can be renewed.
Renews a ticket.
The keytab name (for example,
The principal name (for example,
principal’s Kerberos password. Don’t specify this on the command line or in a script.
Requests credentials valid for authentication from the current client host, for the default services, storing the credentials cache in the default location (
Requests proxiable credentials for a different principal and store these credentials in a specified file cache:
kinit -p -c FILE:C:\Windows\Users\duke\credentials\krb5cc_cafebeef email@example.com
Requests proxiable and forwardable credentials for a different principal and stores these credentials in a specified file cache:
kinit -f -p -c FILE:C:\Windows\Users\duke\credentials\krb5cc_cafebeef firstname.lastname@example.org
Displays the help menu for the