Java Platform, Standard Edition Tools Reference
Contents Previous Next
kinit
Obtains and caches Kerberos ticket-granting tickets. This tool is similar in functionality to the kinit
tool that is commonly found in other Kerberos implementations, such as SEAM and MIT Reference implementations. The user must be registered as a principal with the Key Distribution Center (KDC) prior to running kinit
.
Description
By default, on Windows, a cache file named USER_HOME
\krb5cc_
USER_NAME
is generated.
The identifier USER_HOME
is obtained from the java.lang.System
property user.home
. USER_NAME
is obtained from the java.lang.System
property user.name
. If USER_HOME
is null, the cache file is stored in the current directory from which the program is running. USER_NAME
is the operating system's login user name. This user name could be different than the user's principal name. For example, on Windows NT, the cache file could be C:\winnt\profiles\duke\krb5cc_duke
, in which duke
is the USER_NAME
and C:\winnt\profiles\duke
is the USER_HOME
.
By default, the keytab name is retrieved from the Kerberos configuration file. If the keytab name is not specified in the Kerberos configuration file, the kinit tool assumes that the name is USER_HOME
\krb5.keytab
If you do not specify the password using the password
option on the command line, the kinit
tool prompts you for the password.
Note: Thepassword option is provided only for testing purposes. Do not specify your password in a script or provide your password on the command line. Doing so will compromise your password. |
Commands
You can specify one of the following commands. After the command, specify the options for it.
- -A
-
Do not include addresses.
- -f
-
Issue a forwardable ticket.
- -p
-
Issue a proxiable ticket.
- -c cache_name
-
The cache name (for example,
FILE:D:\temp\mykrb5cc
). - -k
-
Use keytab
- -t keytab_filename
-
The keytab name (for example,
D:\winnt\profiles\duke\krb5.keytab
). - principal
-
The principal name (for example,
duke@example.com
). - password
-
The principal's Kerberos password. Do not specify this on the command line or in a script.
- -help
-
Displays instructions.
Examples
Request credentials valid for authentication from the current client host, for the default services, storing the credentials cache in the default location (C:\winnt\profiles\duke\krb5cc_duke
):
kinit duke@example.com
Request proxiable credentials for a different principal and store these credentials in a specified file cache:
kinit -p -c FILE:C:\winnt\profiles\duke\credentials\krb5cc_cafebeef cafebeef@example.com
Request proxiable and forwardable credentials for a different principal and store these credentials in a specified file cache:
kinit -f -p -c FILE:C:\winnt\profiles\duke\credentials\krb5cc_cafebeef cafebeef@example.com
Display the help menu for the kinit
tool:
kinit -help