|
KLIST(1) |
General Commands Manual |
KLIST(1) |
NAME
klist — list Kerberos credentials
SYNOPSIS
|
klist |
[-c cache | --cache=cache] [-s | -t | --test] [-T | --tokens] [-5 | --v5] [-v | --verbose] [-l | --list-caches] [-f] [--version] [--help] |
DESCRIPTION
klist reads and displays the current tickets in the credential cache (also known as the ticket file).
Options supported:
-
-c cache, --cache=cache
-
credential cache to list
-
-s, -t, --test
-
Test for there being an active and valid TGT for the local realm of the user in the credential cache.
-
-T, --tokens
-
display AFS tokens
-
-5, --v5
-
display v5 cred cache (this is the default)
-
-f
-
Include ticket flags in short form, each character stands for a specific flag, as follows:
-
F
-
forwardable
-
f
-
forwarded
-
P
-
proxiable
-
p
-
proxied
-
D
-
postdate-able
-
d
-
postdated
-
R
-
renewable
-
I
-
initial
-
i
-
invalid
-
A
-
pre-authenticated
-
H
-
hardware authenticated
This information is also output with the --verbose option, but in a more verbose way.
-
-v, --verbose
-
Verbose output. Include all possible information:
-
Server
-
the principal the ticket is for
-
Ticket etype
-
the encryption type used in the ticket, followed by the key version of the ticket, if it is available
-
Session key
-
the encryption type of the session key, if it's different from the encryption type of the ticket
-
Auth time
-
the time the authentication exchange took place
-
Start time
-
the time that this ticket is valid from (only printed if it's different from the auth time)
-
End time
-
when the ticket expires, if it has already expired this is also noted
-
Renew till
-
the maximum possible end time of any ticket derived from this one
-
Ticket flags
-
the flags set on the ticket
-
Addresses
-
the set of addresses from which this ticket is valid
-
-l, --list-caches
-
List the credential caches for the current users, not all cache types supports listing multiple caches.