:man| Alphabetical   Categories   About us 
KLIST (1) | General commands | Unix Manual Pages | :man


klist - list Kerberos credentials


See Also


klist [-c cache | Xo --cache= cache ] [-s-| -t -| --test ] [-4-| --v4 ] [-T-| --tokens ] [-5-| --v5 ] [-v-| --verbose ] [-f] [--version] [--help]


klist reads and displays the current tickets in the crential cache (also known as the ticket file).

Options supported:

-c cache, --cache= cache
credentials cache to list
-s , -t , --test
Test for there being an active and valid TGT for the local realm of the user in the credential cache.
-4 , --v4
display v4 tickets
-T , --tokens
display AFS tokens
-5 , --v5
display v5 cred cache (this is the default)
-f Include ticket flags in short form, each charcted stands for a specific flag, as follows:
F forwardable
f forwarded
P proxiable
p proxied
D postdate-able
d postdated
R renewable
I initial
i invalid
A pre-authenticated
H hardware authenticated

This information is also output with the --verbose option, but in a more verbose way.

-v , --verbose
Verbose output. Include all possible information:
the princial the ticket is for
Ticket etype
the encryption type use in the ticket, followed by the key version of the ticket, if it is available
Session key
the encryption type of the session key, if it’s different from the encryption type of the ticket
Auth time
the time the authentication exchange took place
Start time
the time that this tickets is valid from (only printed if it’s different from the auth time)
End time
when the ticket expires, if it has already expired this is also noted
Renew till
the maximum possible end time of any ticket derived from this one
Ticket flags
the flags set on the ticket
the set of addresses from which this ticket is valid


kdestroy(1), kinit(1)

Created by Blin Media, 2008-2013