Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
KVNO(1)				 MIT Kerberos			       KVNO(1)

NAME
       kvno - print key	version	numbers	of Kerberos principals

SYNOPSIS
       kvno  [-c  ccache]  [-e	etype]	[-k  keytab] [-q] [-u |	-S sname] [-P]
       [--cached-only] [--no-store] [--out-cache cache]	[[{-F cert_file	|  {-I
       | -U} for_user} [-P]] | --u2u ccache] service1 service2 ...

DESCRIPTION
       kvno  acquires  a  service ticket for the specified Kerberos principals
       and prints out the key version numbers of each.

OPTIONS
       -c ccache
	      Specifies	the name of a credentials cache	to use (if not the de-
	      fault)

       -e etype
	      Specifies	 the  enctype  which will be requested for the session
	      key of all the services named on the command line.  This is use-
	      ful in certain backward compatibility situations.

       -k keytab
	      Decrypt  the  acquired tickets using keytab to confirm their va-
	      lidity.

       -q     Suppress printing	output when successful.	 If a  service	ticket
	      cannot  be  obtained, an error message will still	be printed and
	      kvno will	exit with nonzero status.

       -u     Use the unknown name type	in requested service principal	names.
	      This option Cannot be used with -S.

       -P     Specifies	 that  the  service1 service2 ...  arguments are to be
	      treated as services for which credentials	should be acquired us-
	      ing constrained delegation.  This	option is only valid when used
	      in conjunction with protocol transition.

       -S sname
	      Specifies	that the service1 service2 ...	arguments  are	inter-
	      preted  as  hostnames, and the service principals	are to be con-
	      structed from those hostnames and	the service name  sname.   The
	      service  hostnames  will be canonicalized	according to the usual
	      rules for	constructing service principals.

       -I for_user
	      Specifies	that protocol transition (S4U2Self) is to be  used  to
	      acquire  a ticket	on behalf of for_user.	If constrained delega-
	      tion is not requested, the service name must match  the  creden-
	      tials cache client principal.

       -U for_user
	      Same as -I, but treats for_user as an enterprise name.

       -F cert_file
	      Specifies	 that  protocol	 transition is to be used, identifying
	      the client principal with	the X.509  certificate	in  cert_file.
	      The certificate file must	be in PEM format.

       --cached-only
	      Only retrieve credentials	already	present	in the cache, not from
	      the KDC.	(Added in release 1.19.)

       --no-store
	      Do not store retrieved credentials in the	cache.	If --out-cache
	      is  also	specified,  credentials	 will still be stored into the
	      output credential	cache.	(Added in release 1.19.)

       --out-cache ccache
	      Initialize ccache	and store all retrieved	credentials  into  it.
	      Do not store acquired credentials	in the input cache.  (Added in
	      release 1.19.)

       --u2u ccache
	      Requests a user-to-user ticket.  ccache  must  contain  a	 local
	      krbtgt  ticket  for  the server principal.  The reported version
	      number will typically be 0, as the resulting ticket is  not  en-
	      crypted in the server's long-term	key.

ENVIRONMENT
       See kerberos(7) for a description of Kerberos environment variables.

FILES
       FILE:/tmp/krb5cc_%{uid}
	      Default location of the credentials cache

SEE ALSO
       kinit(1), kdestroy(1), kerberos(7)

AUTHOR
       MIT

COPYRIGHT
       1985-2021, MIT

1.20								       KVNO(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | ENVIRONMENT | FILES | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=kvno&sektion=1&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help