Sun and OracleChannel SunHow to BuyLog InEnglish

man pages section 1: User Commands
  Search only this book
Search Help
View this book in:
Contained Within
Find More Documentation
Featured Support Resources
 Download this book in PDF (6561 KB)

klist(1)

Name | Synopsis | Description | Options | Environment Variables | Files | Attributes | See Also | Bugs

Name

    klist– list currently held Kerberos tickets

Synopsis

    /usr/bin/klist [-e] 
     [ [-c] [-f] [-s] [-a [-n]] [cache_name]] 
     [-k [-t] [-K] [keytab_file]]

Description

    The klist utility prints the name of the credentials cache, the identity of the principal that the tickets are for (as listed in the ticket file), and the principal names of all Kerberos tickets currently held by the user, along with the issue and expiration time for each authenticator. Principal names are listed in the form name/instance@realm, with the '/' omitted if the instance is not included, and the '@' omitted if the realm is not included.

    If cache_file or keytab_name is not specified, klist displays the credentials in the default credentials cache or keytab files as appropriate. By default, your ticket is stored in the file /tmp/krb5cc_uid, where uid is the current user-ID of the user.

Options

    The following options are supported:

    -a

    Displays list of addresses in credentials. Uses the configured nameservice to translate numeric network addresses to the associated hostname if possible.

    -c [cache_name]

    Lists tickets held in a credentials cache. This is the default if neither -c nor -k is specified.

    -e

    Displays the encryption types of the session key and the ticket for each credential in the credential cache, or each key in the keytab file.

    -f

    Shows the flags present in the credentials, using the following abbreviations:

    a

    Anonymous

    A

    Pre-authenticated

    d

    Post-dated

    D

    Post-dateable

    f

    Forwarded

    F

    Forwardable

    H

    Hardware authenticated

    i

    Invalid

    I

    Initial

    O

    Okay as delegate

    p

    Proxy

    P

    Proxiable

    R

    Renewable

    T

    Transit policy checked

    -k [keytab_file]

    List keys held in a keytab file.

    -K

    Displays the value of the encryption key in each keytab entry in the keytab file.

    -n

    Shows numeric IP addresses instead of reverse-resolving addresses. Only valid with -a option.

    -s

    Causes klist to run silently (produce no output), but to still set the exit status according to whether it finds the credentials cache. The exit status is 0 if klist finds a credentials cache, and `1if it does not, or if the local-realm TGT has expired.

    -t

    Displays the time entry timestamps for each keytab entry in the keytab file.

Environment Variables

    klist uses the following environment variable:

    KRB5CCNAME

    Location of the credentials (ticket) cache. See krb5envvar(5) for syntax and details.

Files

    /tmp/krb5cc_uid

    Default credentials cache (uid is the decimal UID of the user).

    /etc/krb5/krb5.keytab

    Default location for the local host's keytab file.

    /etc/krb5/krb5.conf

    Default location for the local host's configuration file. See krb5.conf(4).

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE 

    ATTRIBUTE VALUE 

    Availability 

    SUNWkrbu 

    Interface Stability 

    See below. 

    The command arguments are Evolving. The command output is Unstable.

See Also

Bugs

    When reading a file as a service key file, very little error checking is performed.

SunOS 5.10  Last Revised 16 Nov 2006

Name | Synopsis | Description | Options | Environment Variables | Files | Attributes | See Also | Bugs