[1mSYNOPSIS[0m
[1mkinit [22m[[1m-V[22m] [[1m-l [4m[22mlifetime[24m] [[1m-s [4m[22mstart_time[24m] [[1m-r [4m[22mrenewable_life[24m] [[1m-p [22m| [1m-P[22m]
[[1m-f [22m| [1m-F[22m] [[1m-a[22m] [[1m-A[22m] [[1m-v[22m] [[1m-R[22m] [[1m-k [22m[[1m-t [4m[22mkeytab_file[24m]] [[1m-c[0m
[4mcache_name[24m] [[1m-S [4m[22mservice_name[24m][[1m-T [4m[22marmor_ccache[24m] [[1m-X[0m
[4mattribute[24m[=[4mvalue[24m]] [[4mprincipal[24m]
[1mDESCRIPTION[0m
[4mkinit[24m obtains and caches an initial ticket-granting ticket for [4mprinci-[0m
[4mpal[24m.
[1mOPTIONS[0m
[1m-V [22mdisplay verbose output.
[1m-l [4m[22mlifetime[0m
requests a ticket with the lifetime [4mlifetime[24m. The value for
[4mlifetime[24m must be followed immediately by one of the following
delimiters:
[1ms [22mseconds
[1mm [22mminutes
[1mh [22mhours
[1md [22mdays
as in "kinit -l 90m". You cannot mix units; a value of `3h30m'
will result in an error.
If the [1m-l [22moption is not specified, the default ticket lifetime
(configured by each site) is used. Specifying a ticket lifetime
longer than the maximum ticket lifetime (configured by each
site) results in a ticket with the maximum lifetime.
[1m-s [4m[22mstart_time[0m
requests a postdated ticket, valid starting at [4mstart_time[24m.
Postdated tickets are issued with the [4minvalid[24m flag set, and need
to be fed back to the kdc before use.
[1m-r [4m[22mrenewable_life[0m
requests renewable tickets, with a total lifetime of [4mrenew-[0m
[4mable_life[24m. The duration is in the same format as the [1m-l [22moption,
with the same delimiters.
[1m-f [22mrequest forwardable tickets.
[1m-F [22mdo not request forwardable tickets.
[1m-p [22mrequest proxiable tickets.
[1m-P [22mdo not request proxiable tickets.
[1m-a [22mrequest tickets with the local address[es].
[1m-A [22mrequest address-less tickets.
name and location will be used.
[1m-T [4m[22marmor_ccache[0m
Specifies the name of a credential cache that already contains a
ticket. This ccache will be used to armor the request. Ide-
ally, an attacker should have to attack both the armor ticket
and the key of the principal.
[1m-c [4m[22mcache_name[0m
use [4mcache_name[24m as the Kerberos 5 credentials (ticket) cache name
and location; if this option is not used, the default cache name
and location are used.
The default credentials cache may vary between systems. If the
[1mKRB5CCNAME [22menvironment variable is set, its value is used to
name the default ticket cache. Any existing contents of the
cache are destroyed by [4mkinit[24m.
[1m-S [4m[22mservice_name[0m
specify an alternate service name to use when getting initial
tickets.
[1m-X [4m[22mattribute[24m[=[4mvalue[24m]
specify a pre-authentication attribute and value to be passed to
pre-authentication plugins. The acceptable [4mattribute[24m and [4mvalue[0m
values vary from pre-authentication plugin to plugin. This
option may be specified multiple times to specify multiple
attributes. If no [4mvalue[24m is specified, it is assumed to be
"yes".
The following attributes are recognized by the OpenSSL pkinit
pre-authentication mechanism:
[1mX509_user_identity[22m=[4mvalue[0m
specify where to find user's X509 identity information
[1mX509_anchors[22m=[4mvalue[0m
specify where to find trusted X509 anchor information
[1mflag_RSA_PROTOCOL[22m[=yes]
specify use of RSA, rather than the default Diffie-Hellman protocol
[1mENVIRONMENT[0m
[1mKinit [22muses the following environment variables:
KRB5CCNAME Location of the Kerberos 5 credentials (ticket) cache.
[1mFILES[0m
/tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache
([uid] is the decimal UID of the user).
/etc/krb5.keytab default location for the local host's [1mkeytab [22mfile.
[1mSEE ALSO[0m
Man(1) output converted with
man2html