NAME¶
klist
—
list Kerberos credentials
SYNOPSIS¶
klist |
[ -c
cache | - -cache= cache ]
[-s | -t | - -test ]
[-T | - -tokens ]
[-5 | - -v5 ]
[-v | - -verbose ]
[-l | - -list-caches ]
[-f ]
[- -version ]
[- -help ] |
DESCRIPTION¶
klist
reads and displays the current tickets
in the credential cache (also known as the ticket file).
Options supported:
-c
cache,
-
-cache=
cache
- credential cache to list
-s
,
-t
,
-
-test
- Test for there being an active and valid TGT for the local realm of the
user in the credential cache.
-T
,
-
-tokens
- display AFS tokens
-5
,
-
-v5
- display v5 cred cache (this is the default)
-f
- Include ticket flags in short form, each character stands for a specific
flag, as follows:
- F
- forwardable
- f
- forwarded
- P
- proxiable
- p
- proxied
- D
- postdate-able
- d
- postdated
- R
- renewable
- I
- initial
- i
- invalid
- A
- pre-authenticated
- H
- hardware authenticated
This information is also output with the
-
-verbose
option, but in a more verbose
way.
-v
,
-
-verbose
- Verbose output. Include all possible information:
- Server
- the principal the ticket is for
- Ticket etype
- the encryption type used in the ticket, followed by the key version of
the ticket, if it is available
- Session key
- the encryption type of the session key, if it's different from the
encryption type of the ticket
- Auth time
- the time the authentication exchange took place
- Start time
- the time that this ticket is valid from (only printed if it's
different from the auth time)
- End time
- when the ticket expires, if it has already expired this is also
noted
- Renew till
- the maximum possible end time of any ticket derived from this one
- Ticket flags
- the flags set on the ticket
- Addresses
- the set of addresses from which this ticket is valid
-l
,
-
-list-caches
- List the credential caches for the current users, not all cache types
supports listing multiple caches.
SEE ALSO¶
kdestroy(1),
kinit(1)