FreeBSD Manual Pages
KGETCRED(1) General Commands Manual KGETCRED(1) NAME kgetcred -- get a ticket for a particular service SYNOPSIS kgetcred [--canonicalize] [--canonical] [-c -cache | --cache=cache] [-e enctype | --enctype=enctype] [--debug] [-H | --hostbased] [--name-type=name-type] [--no-transit-check] [--no-store] [--cached-only] [-n | --anonymous] [--version] [--help] principal kgetcred [options] --hostbased principal kgetcred [options] --hostbased service hostname [extra-components] DESCRIPTION kgetcred obtains a ticket for the given service principal. Usually tickets for services are obtained automatically when needed but some- times for some odd reason you want to obtain a particular ticket or of a special type. If --hostbased is given then the given service principal name will be canonicalized (see below). The third form constructs a host-based principal from the given service name and hostname. The service name "host" is used if the given service name in the third usage is the empty string. For host-based names, the local host's hostname is used if the given hostname is the empty string or if the principal has a single compo- nent. Any additional components will be included, even for host-based service principal names, but there are no defaults nor local canonicalization rules for additional components. Local name canonicalization rules are applied unless the --canonical option is given. Currently local name canonicalization rules are sup- ported only for host-based principal names' hostname component. The principal's realm name may be canonicalized by following Kerberos referrals from the client principal's home realm if the --canonicalize option is given or if the local name canonicalization rules are config- ured to use referrals. Supported options: --canonicalize requests that the KDC canonicalize the principal. Currently this only canonicalizes the realm by chasing referrals from the user's start realm, but in the future this may also enable the KDC to canonicalize the complete principal name. --canonical turns off local canonicalization of the principal name. --name-type=name-type the name-type to use when parsing the principal name. --hostbased is short for --name-type=srv_hst. -c cache, --cache=cache the credential cache to use. --delegation-credential-cache=cache the credential cache to use for delegation. -e enctype, --enctype=enctype encryption type to use. --no-transit-check requests that the KDC doesn't do transit checking. --no-store do not store tickets in the ccache. --cached-only do not talk the TGS, search only the ccache. --anonymous obtain an anonymous service ticket. --forwardable --debug enables debug output to stderr. --version --help If the --canonical option is used, then no further canonicalization should be done locally by the client (for example, DNS), but if --canonicalize is used, then the client will ask that the KDC canoni- calize the name. If the --canonicalize option is used with --hostbased a host-based name-type, and --canonical is not used, then the hostname will be canonicalized according to the name canonicalization rules in krb5.conf. GSS-API initiator applications with host-based services will get the same behavior as using the --canonicalize --hostbased options here. SEE ALSO kinit(1), klist(1), krb5.conf(5), krb5_openlog(3) HEIMDAL March 12, 2004 KGETCRED(1)
NAME | SYNOPSIS | DESCRIPTION | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kgetcred&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>