NAME
kgetcred —
get a ticket for a
particular service
SYNOPSIS
kgetcred |
[--canonicalize]
[--canonical]
[-c -cache |
--cache=cache]
[-e enctype |
--enctype=enctype]
[--debug]
[-H |
--hostbased]
[--name-type=name-type]
[--no-transit-check]
[--no-store]
[--cached-only]
[--version]
[--help]
principal |
kgetcred |
[options]
--hostbased
principal |
kgetcred |
[options]
--hostbased
service hostname
[extra-components] |
DESCRIPTION
kgetcred obtains a ticket for the given service principal.
Usually tickets for services are obtained automatically when needed but
sometimes for some odd reason you want to obtain a particular ticket or of a
special type.
If
--hostbased is given then the given
service principal name will be canonicalized (see below).
The third form constructs a host-based principal from the given service name and
hostname. The service name "host" is used if the given
service name in the third usage is the empty string.
For host-based names, the local host's hostname is used if the given
hostname is the empty string or if the
principal has a single component.
Any additional components will be included, even for host-based service
principal names, but there are no defaults nor local canonicalization rules
for additional components.
Local name canonicalization rules are applied unless the
--canonical option is given. Currently
local name canonicalization rules are supported only for host-based principal
names' hostname component.
The principal's realm name may be canonicalized by following Kerberos referrals
from the client principal's home realm if the
--canonicalize option is given or if the
local name canonicalization rules are configured to use referrals.
Supported options:
-
-
- --canonicalize
- requests that the KDC canonicalize the principal. Currently
this only canonicalizes the realm by chasing referrals from the user's
start realm, but in the future this may also enable the KDC to
canonicalize the complete principal name.
-
-
- --canonical
- turns off local canonicalization of the principal
name.
-
-
- --name-type=name-type
- the name-type to use when parsing the principal name.
-
-
- --hostbased
- is short for
--name-type=srv_hst.
-
-
- -c
cache,
--cache=cache
- the credential cache to use.
-
-
- --delegation-credential-cache=cache
- the credential cache to use for delegation.
-
-
- -e
enctype,
--enctype=enctype
- encryption type to use.
-
-
- --no-transit-check
- requests that the KDC doesn't do transit checking.
-
-
- --no-store
- do not store tickets in the ccache.
-
-
- --cached-only
- do not talk the TGS, search only the ccache.
-
-
- --forwardable
-
- --debug
- enables debug output to stderr.
-
-
- --version
-
- --help
-
If the
--canonical option is used, then no
further canonicalization should be done locally by the client (for example,
DNS), but if
--canonicalize is used, then
the client will ask that the KDC canonicalize the name.
If the
--canonicalize option is used with
--hostbased a host-based name-type, and
--canonical is not used, then the hostname
will be canonicalized according to the name canonicalization rules in
krb5.conf.
GSS-API initiator applications with host-based services will get the same
behavior as using the
--canonicalize
--hostbased options here.
SEE ALSO
kinit(1),
klist(1),
krb5.conf(5),
krb5_openlog(3)