�[1mSYNOPSIS�[0m
�[1mkinit �[22m[�[1m-5�[22m] [�[1m-4�[22m] [�[1m-V�[22m] [�[1m-l �[4m�[22mlifetime�[24m] [�[1m-s �[4m�[22mstart_time�[24m] [�[1m-r �[4m�[22mrenewable_life�[24m]
[�[1m-p �[22m| �[1m-P�[22m] [�[1m-f �[22m| �[1m-F�[22m] [�[1m-a�[22m] [�[1m-A�[22m] [�[1m-v�[22m] [�[1m-R�[22m] [�[1m-k �[22m[�[1m-t �[4m�[22mkeytab_file�[24m]]
[�[1m-c �[4m�[22mcache_name�[24m] [�[1m-S �[4m�[22mservice_name�[24m] [�[1m-X �[4m�[22mattribute�[24m[=�[4mvalue�[24m]] [�[4mprin-�[0m
�[4mcipal�[24m]
�[1mDESCRIPTION�[0m
�[4mkinit�[24m obtains and caches an initial ticket-granting ticket for �[4mprinci-�[0m
�[4mpal�[24m. The typical default behavior is to acquire only Kerberos 5 tick-
ets. However, if kinit was built with both Kerberos 4 support and with
the default behavior of acquiring both types of tickets, it will try to
acquire both Kerberos 5 and Kerberos 4 by default. Any documentation
particular to Kerberos 4 does not apply if Kerberos 4 support was not
built into kinit.
�[1mOPTIONS�[0m
�[1m-5 �[22mget Kerberos 5 tickets. This overrides whatever the default
built-in behavior may be. This option may be used with �[1m-4�[0m
�[1m-4 �[22mget Kerberos 4 tickets. This overrides whatever the default
built-in behavior may be. This option is only available if
kinit was built with Kerberos 4 compatibility. This option may
be used with �[1m-5�[0m
�[1m-V �[22mdisplay verbose output.
�[1m-l �[4m�[22mlifetime�[0m
requests a ticket with the lifetime �[4mlifetime�[24m. The value for
�[4mlifetime�[24m must be followed immediately by one of the following
delimiters:
�[1ms �[22mseconds
�[1mm �[22mminutes
�[1mh �[22mhours
�[1md �[22mdays
as in "kinit -l 90m". You cannot mix units; a value of `3h30m'
will result in an error.
If the �[1m-l �[22moption is not specified, the default ticket lifetime
(configured by each site) is used. Specifying a ticket lifetime
longer than the maximum ticket lifetime (configured by each
site) results in a ticket with the maximum lifetime.
�[1m-s �[4m�[22mstart_time�[0m
requests a postdated ticket, valid starting at �[4mstart_time�[24m.
Postdated tickets are issued with the �[4minvalid�[24m flag set, and need
to be fed back to the kdc before use. (Not applicable to Ker-
beros 4.)
�[1m-r �[4m�[22mrenewable_life�[0m
requests renewable tickets, with a total lifetime of �[4mrenew-�[0m
Kerberos 4.)
�[1m-A �[22mrequest address-less tickets. (Not applicable to Kerberos 4.)
�[1m-v �[22mrequests that the ticket granting ticket in the cache (with the
�[4minvalid�[24m flag set) be passed to the kdc for validation. If the
ticket is within its requested time range, the cache is replaced
with the validated ticket. (Not applicable to Kerberos 4.)
�[1m-R �[22mrequests renewal of the ticket-granting ticket. Note that an
expired ticket cannot be renewed, even if the ticket is still
within its renewable life. When using this option with Kerberos
4, the kdc must support Kerberos 5 to Kerberos 4 ticket conver-
sion.
�[1m-k �[22m[�[1m-t �[4m�[22mkeytab_file�[24m]
requests a host ticket, obtained from a key in the local host's
�[4mkeytab�[24m file. The name and location of the keytab file may be
specified with the �[1m-t �[4m�[22mkeytab_file�[24m option; otherwise the default
name and location will be used. When using this option with
Kerberos 4, the kdc must support Kerberos 5 to Kerberos 4 ticket
conversion.
�[1m-c �[4m�[22mcache_name�[0m
use �[4mcache_name�[24m as the Kerberos 5 credentials (ticket) cache name
and location; if this option is not used, the default cache name
and location are used.
The default credentials cache may vary between systems. If the
�[1mKRB5CCNAME �[22menvironment variable is set, its value is used to
name the default ticket cache. Any existing contents of the
cache are destroyed by �[4mkinit�[24m. (Note: The default name for Ker-
beros 4 comes from the �[1mKRBTKFILE �[22menvironment variable. This
option does not apply to Kerberos 4.)
�[1m-S �[4m�[22mservice_name�[0m
specify an alternate service name to use when getting initial
tickets. (Applicable to Kerberos 5 or if using both Kerberos 5
and Kerberos 4 with a kdc that supports Kerberos 5 to Kerberos 4
ticket conversion.)
�[1m-X �[4m�[22mattribute�[24m[=�[4mvalue�[24m]
specify a pre-authentication attribute and value to be passed to
pre-authentication plugins. The acceptable �[4mattribute�[24m and �[4mvalue�[0m
values vary from pre-authentication plugin to plugin. This
option may be specified multiple times to specify multiple
attributes. If no �[4mvalue�[24m is specified, it is assumed to be
"yes".
The following attributes are recognized by the OpenSSL pkinit
pre-authentication mechanism:
�[1mX509_user_identity�[22m=�[4mvalue�[0m
�[1mFILES�[0m
/tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache
([uid] is the decimal UID of the user).
/tmp/tkt[uid] default location of Kerberos 4 credentials cache ([uid]
is the decimal UID of the user).
/etc/krb5.keytab
default location for the local host's �[1mkeytab �[22mfile.
�[1mSEE ALSO�[0m
klist(1), kdestroy(1), kerberos(1)
KINIT(1)
Man(1) output converted with
man2html