KVNO(1) MIT Kerberos KVNO(1) NAME kvno - print key version numbers of Kerberos principals SYNOPSIS kvno [-c ccache] [-e etype] [-k keytab] [-q] [-u | -S sname] [-P] [--cached-only] [--no-store] [--out-cache cache] [[{-F cert_file | {-I | -U} for_user} [-P]] | --u2u ccache] service1 service2 ... DESCRIPTION kvno acquires a service ticket for the specified Kerberos principals and prints out the key version numbers of each. OPTIONS -c ccache Specifies the name of a credentials cache to use (if not the de- fault) -e etype Specifies the enctype which will be requested for the session key of all the services named on the command line. This is use- ful in certain backward compatibility situations. -k keytab Decrypt the acquired tickets using keytab to confirm their va- lidity. -q Suppress printing output when successful. If a service ticket cannot be obtained, an error message will still be printed and kvno will exit with nonzero status. -u Use the unknown name type in requested service principal names. This option Cannot be used with -S. -P Specifies that the service1 service2 ... arguments are to be treated as services for which credentials should be acquired us- ing constrained delegation. This option is only valid when used in conjunction with protocol transition. -S sname Specifies that the service1 service2 ... arguments are inter- preted as hostnames, and the service principals are to be con- structed from those hostnames and the service name sname. The service hostnames will be canonicalized according to the usual rules for constructing service principals. -I for_user Specifies that protocol transition (S4U2Self) is to be used to acquire a ticket on behalf of for_user. If constrained delega- tion is not requested, the service name must match the creden- tials cache client principal. -U for_user Same as -I, but treats for_user as an enterprise name. -F cert_file Specifies that protocol transition is to be used, identifying the client principal with the X.509 certificate in cert_file. The certificate file must be in PEM format. --cached-only Only retrieve credentials already present in the cache, not from the KDC. (Added in release 1.19.) --no-store Do not store retrieved credentials in the cache. If --out-cache is also specified, credentials will still be stored into the output credential cache. (Added in release 1.19.) --out-cache ccache Initialize ccache and store all retrieved credentials into it. Do not store acquired credentials in the input cache. (Added in release 1.19.) --u2u ccache Requests a user-to-user ticket. ccache must contain a local krbtgt ticket for the server principal. The reported version number will typically be 0, as the resulting ticket is not en- crypted in the server's long-term key. ENVIRONMENT See kerberos(7) for a description of Kerberos environment variables. FILES FILE:/tmp/krb5cc_%{uid} Default location of the credentials cache SEE ALSO kinit(1), kdestroy(1), kerberos(7) AUTHOR MIT COPYRIGHT 1985-2022, MIT 1.20.1 KVNO(1)
Generated by dwww version 1.15 on Sat Jun 22 12:22:22 CEST 2024.