<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="com.ibm.security.krb5.internal.tools Class Kinit" />
<meta name="abstract" content="Kinit tool for obtaining Kerberos v5 tickets." />
<meta name="description" content="Kinit tool for obtaining Kerberos v5 tickets." />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconcept10.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssknit" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>com.ibm.security.krb5.internal.tools Class Kinit</title>
</head>
<body id="rzahajgssknit"><a name="rzahajgssknit"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">com.ibm.security.krb5.internal.tools Class Kinit</h1>
<div><p>Kinit tool for obtaining Kerberos v5 tickets.</p>
<div class="section"><p><samp class="codeph">java.lang.Object<br />
|<br />
+--com.ibm.security.krb5.internal.tools.Kinit</samp></p>
</div>
<div class="section"><p>public class <strong>Kinit</strong><br />
extends java.lang.Object</p>
<p>Kinit tool for obtaining Kerberos v5 tickets.</p>
</div>
<div class="section"><h4 class="sectiontitle">Constructor summary</h4><p><samp class="codeph">Kinit(java.lang.String[] args)</samp><br />
Constructs a new Kinit object.</p>
</div>
<div class="section"><h4 class="sectiontitle">Method summary</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><tbody><tr><td valign="top" width="25.628140703517587%"><samp class="codeph">static void</samp></td>
<td valign="top" width="74.37185929648241%"><p><samp class="codeph">main(java.lang.String[] args)</samp><br />
The main method accepts the user's command-line input for a ticket request.</p>
</td>
</tr>
</tbody>
</table>
</div>
<p><strong>Methods inherited from class java.lang.Object</strong></p>
<p><samp class="codeph">equals,
getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</samp></p>
</div>
<div class="section"><h4 class="sectiontitle">Constructor detail</h4><p><strong>Kinit</strong></p>
<div class="p"><p><samp class="codeph">public Kinit(java.lang.String[] args)<br />
      throws java.io.IOException,<br />
             RealmException,<br />
             KrbException</samp></p>
</div>
<p>Constructs a new Kinit object.</p>
<dl><dt class="dlterm">Parameters:</dt>
<dd><samp class="codeph">args</samp> - array of ticket request options. Available options
are: -f, -F, -p, -P, -c, -k, principal, password.</dd>
</dl>
<dl><dt class="dlterm">Throws:</dt>
<dd><p>    java.io.IOException - if an I/O error occurs.<br />
    RealmException - if the Realm could not be instantiated.<br />
    KrbException - if an error occurs during a Kerberos operation.</p>
</dd>
</dl>
</div>
<div class="section"><h4 class="sectiontitle">Method detail</h4><p><strong>main</strong></p>
<p><samp class="codeph">public static
void main(java.lang.String[] args)</samp></p>
<p>The main method accepts the user's command-line input for a ticket request.</p>
<div class="p"> Usage: java com.ibm.security.krb5.tools.Kinit
[-f] [-F] [-p] [-P] [-k] [-c cache name] [principal] [password]<ul><li><strong>-f</strong> forwardable</li>
<li><strong>-F</strong> not forwardable</li>
<li><strong>-p</strong> proxiable</li>
<li><strong>-P</strong> not proxiable</li>
<li><strong>-c</strong> cache name (for example, FILE:d:\temp\mykrb5cc)</li>
<li><strong>-k</strong> use keytab</li>
<li><strong>-t</strong> keytab file name</li>
<li>principal the principal name (for example, qwedf qwedf@IBM.COM)</li>
<li>password the principal's Kerberos password</li>
</ul>
</div>
<p>Use java com.ibm.security.krb5.tools.Kinit -help to bring up the help
menu.</p>
<p>Only a file-based credentials cache is currently supported. By default,
a cache file named krb5cc_{user.name} is generated in the {user.home} directory
to store the ticket obtained from the KDC. For instance, on Windows NT, it could
be c:\winnt\profiles\qwedf\krb5cc_qwedf, in which qwedf is the {user.name}
and c:\winnt\profiles\qwedf is the {user.home}. Kerberos obtains {user.home}
from the Java system property "user.home". If {user.home} is null (which
rarely happens), the cache file is stored in the current directory that the
program is running from. {user.name} is the operating system login user name.
It can differ from the user's principal name. One user can have multiple
principal names, but a credentials cache has only one primary principal, which
means one cache file can store tickets for only one specific user principal.
If the user switches the principal name at the next Kinit, the cache file
generated for the new ticket overwrites the old cache file by default. To avoid
overwriting, specify a different directory or a different cache file name when
you request a new ticket.</p>
<p><strong>Cache
file location</strong></p>
<div class="p"> There are several ways to define a user-specific cache
file name and location. They are listed here in the order in which Kerberos
searches them: <ol><li><strong>-c</strong> option. Use java com.ibm.security.krb5.tools.Kinit -c FILE:&lt;user
specific directory and file name&gt;. "FILE:" is the prefix that identifies the credentials
cache type. The default is the file-based type.</li>
<li>Set the Java system property "KRB5CCNAME" by using -DKRB5CCNAME=FILE:&lt;user
specific directory and file name&gt; at run time.</li>
<li>Set the environment variable "KRB5CCNAME" at the command prompt before run time.
Each operating system has its own way to set environment variables.
For example, Windows uses set KRB5CCNAME=FILE:&lt;user specific directory
and file name&gt;, while UNIX uses export KRB5CCNAME=FILE:&lt;user specific directory
and file name&gt;. Note that Kerberos relies on a system-specific command to retrieve
the environment variable. The command used on UNIX is "/usr/bin/env".</li>
</ol>
</div>
<p> KRB5CCNAME is case sensitive and is all upper case.</p>
<div class="p"> If
KRB5CCNAME is not set as described above, a default cache file is used. The
default cache location is determined in the following order:<ol><li>/tmp/krb5cc_&lt;uid&gt; on Unix platforms, where &lt;uid&gt; is the user id
of the user running the Kinit JVM</li>
<li>&lt;user.home&gt;/krb5cc_&lt;user.name&gt;, where &lt;user.home&gt; and &lt;user.name&gt;
are the Java user.home and user.name properties, respectively</li>
<li>&lt;user.home&gt;/krb5cc (if &lt;user.name&gt; cannot be obtained from the JVM)</li>
</ol>
</div>
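<p>An added example, not part of the IBM documentation or of the Kinit implementation: it applies the search order and the default locations listed above to a set of inputs, then reports whether the resulting cache file, which holds the user's ticket, is accessible to anyone other than its owner. The class name CacheLocator, its method names and the sample paths are hypothetical, and it assumes that the first default location that can be formed is the one used.</p>

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;

/** Added example (hypothetical class): the cache search order described above. */
public class CacheLocator {
    static boolean isSet(String s) { return !(s == null || s.isEmpty()); }

    /** Drop the "FILE:" type prefix; file-based is the only supported cache type. */
    static Path toPath(String ccName) {
        return Paths.get(ccName.startsWith("FILE:") ? ccName.substring(5) : ccName);
    }

    /**
     * cliCache: value given to -c; sysProp: Java property KRB5CCNAME;
     * envVar: environment variable KRB5CCNAME; uid: UNIX user id, null elsewhere.
     */
    static Path resolve(String cliCache, String sysProp, String envVar,
                        String uid, String userHome, String userName) {
        if (isSet(cliCache)) return toPath(cliCache);
        if (isSet(sysProp)) return toPath(sysProp);
        if (isSet(envVar)) return toPath(envVar);
        if (isSet(uid)) return Paths.get("/tmp", "krb5cc_" + uid);
        String dir = isSet(userHome) ? userHome : ".";   // null user.home: current directory
        return Paths.get(dir, isSet(userName) ? "krb5cc_" + userName : "krb5cc");
    }

    /** True when group or other has any access to the cache (POSIX file systems only). */
    static boolean exposed(Path cache) throws IOException {
        try {
            String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(cache));
            return !mode.endsWith("------");   // "rw-------" is owner-only
        } catch (UnsupportedOperationException e) {
            return false;   // no POSIX view (for example NTFS): review the ACL instead
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: -c takes precedence over both KRB5CCNAME sources.
        System.out.println(resolve("FILE:/home/alice/cc_admin", "FILE:/a", "FILE:/b",
                "1001", "/home/alice", "alice"));
        // Live JVM values; on UNIX pass the uid (from `id -u`) as the first argument.
        Path live = resolve(null, System.getProperty("KRB5CCNAME"), System.getenv("KRB5CCNAME"),
                args.length == 0 ? null : args[0],
                System.getProperty("user.home"), System.getProperty("user.name"));
        boolean bad = Files.exists(live) ? exposed(live) : false;
        System.out.println(live + (bad ? "  group/other can access this cache" : ""));
    }
}
```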
<p><strong>KDC Communication Timeout</strong></p>
<p>Kinit communicates with
the Key Distribution Center (KDC) to acquire a ticket-granting ticket, that
is, the credential. This communication can be set to time out if the KDC does
not respond within a certain period. The timeout period can be set (in milliseconds)
in the Kerberos configuration file, either in the libdefaults stanza (to apply
to all KDCs) or in individual KDC stanzas. The default timeout value is 30
seconds.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgssconcept10.htm" title="The identity under which an application engages in JGSS secure communication with a peer is called a principal. A principal may be a real user or an unattended service. A principal acquires security mechanism-specific credentials as proof of identity under that mechanism.">Principals and credentials</a></div>
</div>
</div>
</body>
</html>