1999-09-19 21:56:09 +00:00
|
|
|
.\" $Id: kinit.1,v 1.4 1998/12/18 16:57:29 assar Exp $
|
|
|
|
.\" $FreeBSD$
|
1997-09-04 06:04:33 +00:00
|
|
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
|
|
|
.\"
|
|
|
|
.\" For copying and distribution information,
|
|
|
|
.\" please see the file <mit-copyright.h>.
|
|
|
|
.\"
|
|
|
|
.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
|
|
|
|
.SH NAME
|
|
|
|
kinit \- Kerberos login utility
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.B kinit
|
|
|
|
[
|
|
|
|
.B \-irvlp
|
|
|
|
]
|
|
|
|
.SH DESCRIPTION
|
|
|
|
The
|
|
|
|
.I kinit
|
|
|
|
command is used to login to the
|
|
|
|
Kerberos
|
|
|
|
authentication and authorization system.
|
|
|
|
Note that only registered
|
|
|
|
Kerberos
|
|
|
|
users can use the
|
|
|
|
Kerberos
|
|
|
|
system.
|
|
|
|
For information about registering as a
|
|
|
|
Kerberos
|
|
|
|
user,
|
|
|
|
see the
|
|
|
|
.I kerberos(1)
|
|
|
|
manual page.
|
|
|
|
.PP
|
|
|
|
If you are logged in to a workstation that is running the
|
|
|
|
.I toehold
|
|
|
|
service,
|
|
|
|
you do not have to use
|
|
|
|
.I kinit.
|
|
|
|
The
|
|
|
|
.I toehold
|
|
|
|
login procedure will log you into
|
|
|
|
Kerberos
|
|
|
|
automatically.
|
|
|
|
You will need to use
|
|
|
|
.I kinit
|
|
|
|
only in those situations in which
|
|
|
|
your original tickets have expired.
|
|
|
|
(Tickets expire in about a day.)
|
|
|
|
Note as well that
|
|
|
|
.I toehold
|
|
|
|
will automatically destroy your tickets when you logout from the workstation.
|
|
|
|
.PP
|
|
|
|
When you use
|
|
|
|
.I kinit
|
|
|
|
without options,
|
|
|
|
the utility
|
|
|
|
prompts for your username and Kerberos password,
|
|
|
|
and tries to authenticate your login with the local
|
|
|
|
Kerberos
|
|
|
|
server.
|
|
|
|
.PP
|
|
|
|
If
|
|
|
|
Kerberos
|
|
|
|
authenticates the login attempt,
|
|
|
|
.I kinit
|
|
|
|
retrieves your initial ticket and puts it in the ticket file specified by
|
|
|
|
your KRBTKFILE environment variable.
|
|
|
|
If this variable is undefined,
|
|
|
|
your ticket will be stored in the
|
|
|
|
.IR /tmp
|
|
|
|
directory,
|
|
|
|
in the file
|
|
|
|
.I tktuid ,
|
|
|
|
where
|
|
|
|
.I uid
|
|
|
|
specifies your user identification number.
|
|
|
|
.PP
|
|
|
|
If you have logged in to
|
|
|
|
Kerberos
|
|
|
|
without the benefit of the workstation
|
|
|
|
.I toehold
|
|
|
|
system,
|
|
|
|
make sure you use the
|
|
|
|
.I kdestroy
|
|
|
|
command to destroy any active tickets before you end your login session.
|
|
|
|
You may want to put the
|
|
|
|
.I kdestroy
|
|
|
|
command in your
|
|
|
|
.I \.logout
|
|
|
|
file so that your tickets will be destroyed automatically when you logout.
|
|
|
|
.PP
|
|
|
|
The options to
|
|
|
|
.I kinit
|
|
|
|
are as follows:
|
|
|
|
.TP 7
|
|
|
|
.B \-i
|
|
|
|
.I kinit
|
|
|
|
prompts you for a
|
|
|
|
Kerberos
|
|
|
|
instance.
|
|
|
|
.TP
|
|
|
|
.B \-r
|
|
|
|
.I kinit
|
|
|
|
prompts you for a
|
|
|
|
Kerberos
|
|
|
|
realm.
|
|
|
|
This option lets you authenticate yourself with a remote
|
|
|
|
Kerberos
|
|
|
|
server.
|
|
|
|
.TP
|
|
|
|
.B \-v
|
|
|
|
Verbose mode.
|
|
|
|
.I kinit
|
1999-09-19 21:56:09 +00:00
|
|
|
prints the name of the ticket file used, and
|
1997-09-04 06:04:33 +00:00
|
|
|
a status message indicating the success or failure of
|
|
|
|
your login attempt.
|
|
|
|
.TP
|
|
|
|
.B \-l
|
|
|
|
.I kinit
|
|
|
|
prompts you for a ticket lifetime in minutes. Due to protocol
|
|
|
|
restrictions in Kerberos Version 4, this value must be between 5 and
|
|
|
|
1275 minutes.
|
|
|
|
.TP
|
|
|
|
.B \-p
|
|
|
|
.I kinit
|
1999-09-19 21:56:09 +00:00
|
|
|
will acquires a ticket for changepw.kerberos.
|
1997-09-04 06:04:33 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.PP
|
|
|
|
kerberos(1), kdestroy(1), klist(1), toehold(1)
|
|
|
|
.SH BUGS
|
|
|
|
The
|
|
|
|
.B \-r
|
|
|
|
option has not been fully implemented.
|
|
|
|
.SH AUTHORS
|
|
|
|
Steve Miller, MIT Project Athena/Digital Equipment Corporation
|
|
|
|
.br
|
|
|
|
Clifford Neuman, MIT Project Athena
|