KGETCRED(1) | General Commands Manual | KGETCRED(1) |
kgetcred
—
kgetcred |
[- -canonicalize ]
[- -canonical ]
[-c -cache |
- -cache= cache]
[-e enctype |
- -enctype= enctype]
[- -debug ]
[-H |
- -hostbased ]
[- -name-type= name-type]
[- -no-transit-check ]
[- -no-store ]
[- -cached-only ]
[- -version ]
[- -help ]
principal |
kgetcred |
[options] - -hostbased
principal |
kgetcred |
[options] - -hostbased
service hostname
[extra-components] |
kgetcred
obtains a ticket for the given service
principal. Usually tickets for services are obtained automatically when needed
but sometimes for some odd reason you want to obtain a particular ticket or of
a special type.
If -
-hostbased
is
given then the given service principal name will be canonicalized (see
below).
The third form constructs a host-based principal from the given service name and hostname. The service name "host" is used if the given service name in the third usage is the empty string.
For host-based names, the local host's hostname is used if the given hostname is the empty string or if the principal has a single component.
Any additional components will be included, even for host-based service principal names, but there are no defaults nor local canonicalization rules for additional components.
Local name canonicalization rules are applied unless the
-
-canonical
option is given.
Currently local name canonicalization rules are supported only for
host-based principal names' hostname component.
The principal's realm name may be canonicalized by following
Kerberos referrals from the client principal's home realm if the
-
-canonicalize
option is
given or if the local name canonicalization rules are configured to use
referrals.
Supported options:
-
-canonicalize
-
-canonical
-
-name-type=
name-type-
-hostbased
-
-name-type=srv_hst
.-c
cache,
-
-cache=
cache-
-delegation-credential-cache=
cache-e
enctype,
-
-enctype=
enctype-
-no-transit-check
-
-no-store
-
-cached-only
-
-forwardable
-
-debug
-
-version
-
-help
If the -
-canonical
option is used, then no further canonicalization should be done locally by
the client (for example, DNS), but if
-
-canonicalize
is used, then
the client will ask that the KDC canonicalize the name.
If the
-
-canonicalize
option is
used with -
-hostbased
a
host-based name-type, and
-
-canonical
is not used,
then the hostname will be canonicalized according to the name
canonicalization rules in krb5.conf.
GSS-API initiator applications with host-based services will get
the same behavior as using the
-
-canonicalize
-
-hostbased
options
here.
March 12, 2004 | NetBSD 9.4 |