kinit is used to obtain and cache Kerberos ticket-granting tickets. Emoji for outlook email subject line mac. This tool is similar in functionality to the kinit tool that are commonly found in other Kerberos implementations, such as SEAM and MIT Reference implementations.
![File File](https://1.bp.blogspot.com/-anY30VvO9mA/XgnrWdKuXwI/AAAAAAAAAGE/zMEe7RnED0o6lfleQZZA7CCSakxFu5rpQCLcBGAsYHQ/s1600/Ticket-viewer.png)
The user must be registered as a principal with the Key Distribution Center (KDC) prior to running kinit.
By default, the keytab name is retrieved from the Kerberos configuration file. If the keytab name is not specifed in the Kerberos configuration file, the name is assumed to be krb5.keytab. If you do not specify the password using the password option on the command line, kinit will prompt you for the password. To generate a keytab for MIT Kerberos. If you are using MIT Kerberos for authentication, log on to the domain controller computer as a user with administrator permissions and perform the following steps. Use the ktadd on the command line utility to generate the keytab file. Ktadd -k file HTTP/@.
SYNOPSIS
Keytab files are a potential point of security break-ins in a Kerberos environment, thus security of these files is fundamental to the security of the system. Once replicated to all primary-candidate hosts, provide the path of the keytab file as the value of the KEYTAB parameter in the Kerberos secegokerberos.conf plug-in configuration file. Creating and verifying a keytab file for the 'serverdbuser' Spotfire database account in the research.example.com domain: ktutil ktutil: addentry -password -p serverdbuser -k 0 -e rc4-hmac-nt Password for serverdbuser: ktutil: writekt spotfire-database.keytab ktutil: quit klist -k spotfire-database.keytab kinit -k -t spotfire-database.keytab [email protected].
DESCRIPTION
By default, on the Windows platform a cache file named
<USER_HOME>krb5cc_<USER_NAME>
will be generated. <uid>
is the user identification number of the user logged into the system.<USER_HOME>
is obtained from the java.lang.System
property user.home
. <USER_NAME>
is obtained from java.lang.System
property user.name
. If <USER_HOME>
is null, the cache file would be stored in the current directory that the program is running from. <USER_NAME>
is the operating system's login username. This username could be different than the user's principal name. For example on Windows NT, it could be c:winntprofilesdukekrb5cc_duke
, in which duke
is the <USER_NAME>
and c:winntprofilesduke
is the <USER_HOME>
.By default, the keytab name is retrieved from the Kerberos configuration file. If the keytab name is not specifed in the Kerberos configuration file, the name is assumed to be
<USER_HOME>krb5.keytab
If you do not specify the password using the
password
option on the command line, kinit will prompt you for the password.- Note:
password
is provided only for testing purposes. Do not place your password in a script or provide your password on the command line. Doing so will compromise your password.
For more information see the man pages for kinit.
COMMANDS
Usage:
kinit [-fp] [-c <cache_name>] [-k] [-t <keytab_filename>] [<principal>] [<password>] [-help]
Command Option | Description |
---|---|
-A | Do not include addresses. |
-f | Issue a forwardable ticket. |
-p | Issue a proxiable ticket. |
-c <cache_name> | The cache name (i.e., FILE:d:tempmykrb5cc ). |
-k | Use keytab |
-t <keytab_filename> | The keytab name (i.e, d:winntprofilesdukekrb5.keytab ). |
<principal> | The principal name (i.e., [email protected] ). |
<password> | The principal's Kerberos password. (DO NOT SPECIFY ON COMMAND LINE OR IN A SCRIPT.) |
-help | Displays instructions. |
EXAMPLES
Requesting credentials valid for authentication from the current client host, for the default services, storing the credentials cache in the default location (
c:winntprofilesdukekrb5cc_duke
):Requesting proxiable credentials for a different principal and storing these credentials in a specified file cache:
Requesting proxiable and forwardable credentials for a different principal and storing these credentials in a specified file cache:
Displaying the help menu for kinit:
SECURITY ALERT
The
password
flag is for testing purposes only. Do not specify your password on the command line. Doing so is a security hole since an attacker could discover your password while enumerating all running processes in the system, for example.How To Generate Keytab File For Mac Pdf
Copyright © 1993, 2020, Oracle and/or its affiliates. All rights reserved.