Bash Cures Cancer
Learn the UNIX/Linux command line

Home     Man Pages     SpamDefeator 


KLIST(1)							     KLIST(1)



NAME
       klist - list cached Kerberos tickets

SYNOPSIS
       klist  [-5]  [-4]  [-e]	[[-c]  [-f]  [-s]  [-a	[-n]]] [-k [-t] [-K]]
       [cache_name | keytab_name]

DESCRIPTION
       Klist lists the Kerberos principal and Kerberos tickets held in a cre-
       dentials cache, or the keys held in a keytab file.  If klist was built
       with Kerberos 4 support, the default behavior is to list both Kerberos
       5  and Kerberos 4 credentials.  Otherwise, klist will default to list-
       ing only Kerberos 5 credentials.

OPTIONS
       -5     list Kerberos  5	credentials.   This  overrides	whatever  the
	      default built-in behavior may be.	 This option may be used with
	      -4

       -4     list Kerberos  4	credentials.   This  overrides	whatever  the
	      default  built-in	 behavior may be.  This option is only avail-
	      able if kinit was built with Kerberos  4	compatibility.	 This
	      option may be used with -5

       -e     displays the encryption types of the session key and the ticket
	      for each credential in the credential cache, or each key in the
	      keytab file.

       -c     List  tickets held in a credentials cache.  This is the default
	      if neither -c nor -k is specified.

       -f     shows the flags present in the credentials, using the following
	      abbreviations:

		   F	Forwardable
		   f	forwarded
		   P	Proxiable
		   p	proxy
		   D	postDateable
		   d	postdated
		   R	Renewable
		   I	Initial
		   i	invalid
		   H	Hardware authenticated
		   A	preAuthenticated
		   T	Transit policy checked
		   O	Okay as delegate
		   a	anonymous

       -s     causes  klist to run silently (produce no output), but to still
	      set the exit status according to whether it finds	 the  creden-
	      tials  cache.   The exit status is '0' if klist finds a creden-
	      tials cache, and '1' if it does not.

       -a     display list of addresses in credentials.

       -n     show numeric addresses instead of reverse-resolving  addresses.

       -k     List keys held in a keytab file.

       -t     display  the time entry timestamps for each keytab entry in the
	      keytab file.

       -K     display the value of the encryption key in each keytab entry in
	      the keytab file.

       If  cache_name or keytab_name is not specified, klist will display the
       credentials in the default credentials cache or keytab file as  appro-
       priate.	 If  the KRB5CCNAME environment variable is set, its value is
       used to name the default ticket cache.

ENVIRONMENT
       Klist uses the following environment variables:

       KRB5CCNAME      Location of the Kerberos 5 credentials (ticket) cache.

       KRBTKFILE      Filename	of the Kerberos 4 credentials (ticket) cache.

FILES
       /tmp/krb5cc_[uid]  default location of Kerberos	5  credentials	cache
			  ([uid] is the decimal UID of the user).

       /tmp/tkt[uid]  default location of Kerberos 4 credentials cache ([uid]
		      is the decimal UID of the user).

       /etc/krb5.keytab
		      default location for the local host's keytab file.

SEE ALSO
       kinit(1), kdestroy(1), krb5(3)



								     KLIST(1)


UNIX/Linux commands referenced on this page:
  1. kinit
  2. as
  3. display
  4. addresses
  5. time
  6. file