<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="kinit" />
<meta name="abstract" content="Use the Qshell command kinit to obtain or renew the Kerberos ticket granting ticket." />
<meta name="description" content="Use the Qshell command kinit to obtain or renew the Kerberos ticket granting ticket." />
<meta name="DC.Relation" scheme="URI" content="rzakhkinit.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="kinit" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>kinit</title>
</head>
<body id="kinit"><a name="kinit"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">kinit</h1>
<div><p>Use the Qshell command <span class="cmdname">kinit</span> to obtain or renew
the Kerberos ticket granting ticket.</p>
<div class="section"><h4 class="sectiontitle">Syntax</h4><blockquote><tt>kinit [-r time] [-R] [-p] [-f] [-A]
[-l time] [-c cache] [-k] [-t keytab] [principal]</tt> <p>Default public authority:
*USE</p>
</blockquote>
<p>The Qshell command <span class="cmdname">kinit</span> obtains or renews
the Kerberos ticket granting ticket.</p>
</div>
<div class="section"><h4 class="sectiontitle">Options</h4><dl><dt class="dlterm">-r time</dt>
<dd>The time interval for renewing a ticket. The ticket can no longer be renewed
after the expiration of this interval. The renew time must be greater than
the end time. If this option is not specified, the ticket is not renewable
(a renewable ticket may still be generated if the requested ticket lifetime
exceeds the maximum ticket lifetime). </dd>
<dt class="dlterm">-R</dt>
<dd> An existing ticket is to be renewed. When you renew an existing ticket,
you cannot specify any other ticket options. </dd>
<dt class="dlterm">-p</dt>
<dd>The ticket can be a proxy. If you do not specify this option, the ticket
cannot be a proxy. </dd>
<dt class="dlterm">-f</dt>
<dd> The ticket can be forwarded. If you do not specify this option, the ticket
cannot be forwarded. </dd>
<dt class="dlterm">-A</dt>
<dd> The ticket will not contain a list of client addresses. If you do not
specify this option, the ticket will contain the local host address list.
When an initial ticket contains an address list, it can be used only from
one of the addresses in the address list. </dd>
<dt class="dlterm">-l time</dt>
<dd>The ticket end-time interval. After this interval expires, the ticket
cannot be used unless it has been renewed. If you do not specify this option,
the interval is set to 10 hours. </dd>
<dt class="dlterm">-c cache</dt>
<dd>The name of the credentials cache that the kinit command will use. If
you do not specify this option, the command uses the default credentials cache. </dd>
<dt class="dlterm">-k</dt>
<dd>The key for the ticket principal is to be obtained from a key table. If
you do not specify this option, the system prompts you to enter the password
for the ticket principal. </dd>
<dt class="dlterm">-t keytab</dt>
<dd>The key table name. If you do not specify this option but do specify the <tt>-k</tt> option,
the system uses the default key table. The <tt>-t</tt> option implies the <tt>-k</tt> option. </dd>
<dt class="dlterm">principal</dt>
<dd>The ticket principal. If you do not specify the principal on the command
line, the system obtains the principal from the credentials cache. </dd>
</dl>
</div>
<div class="section"><h4 class="sectiontitle">Authorities</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><thead align="left"><tr><th align="left" valign="bottom" width="65.75342465753424%" id="d0e101">Object Referred to</th>
<th align="left" valign="bottom" width="34.24657534246575%" id="d0e103">Authority Required</th>
</tr>
</thead>
<tbody><tr><td align="left" valign="top" width="65.75342465753424%" headers="d0e101 ">Each directory in the path name preceding
the key table file if <tt>-t</tt> option is specified</td>
<td align="left" valign="top" width="34.24657534246575%" headers="d0e103 ">*X</td>
</tr>
<tr><td align="left" valign="top" width="65.75342465753424%" headers="d0e101 ">Key table file when <tt>-t</tt> is specified</td>
<td align="left" valign="top" width="34.24657534246575%" headers="d0e103 ">*R</td>
</tr>
<tr><td align="left" valign="top" width="65.75342465753424%" headers="d0e101 ">Each directory in the path name preceding
the credentials cache file to be used</td>
<td align="left" valign="top" width="34.24657534246575%" headers="d0e103 ">*X</td>
</tr>
<tr><td align="left" valign="top" width="65.75342465753424%" headers="d0e101 ">Parent directory of the cache file to be
used, if specified by the <strong>KRB5CCNAME</strong> environment variable, and the
file is being created</td>
<td align="left" valign="top" width="34.24657534246575%" headers="d0e103 ">*WX</td>
</tr>
<tr><td align="left" valign="top" width="65.75342465753424%" headers="d0e101 ">Credentials cache file</td>
<td align="left" valign="top" width="34.24657534246575%" headers="d0e103 ">*RW</td>
</tr>
<tr><td align="left" valign="top" width="65.75342465753424%" headers="d0e101 ">Each directory in the paths to the configuration
files</td>
<td align="left" valign="top" width="34.24657534246575%" headers="d0e103 ">*X</td>
</tr>
<tr><td align="left" valign="top" width="65.75342465753424%" headers="d0e101 ">Configuration files</td>
<td align="left" valign="top" width="34.24657534246575%" headers="d0e103 ">*R</td>
</tr>
</tbody>
</table>
</div>
<p>To enable the Kerberos run time to find your credentials cache
file from any executing process, the name of the cache file is normally stored
in the home directory in a file named <strong>krb5ccname</strong>. The storage location
of the cache file name can be overridden by setting the environment variable <strong>_EUV_SEC_KRB5CCNAME_FILE</strong>.
To access this file, the user profile must have <strong>*X</strong> authority to each
directory in the path, and <strong>*R</strong> authority to the file where the cache
file name is stored. The first time that a user creates a credentials cache,
the user profile must have <strong>*WX</strong> authority to the parent directory.</p>
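<p>Added example, not part of the IBM documentation: a shell pre-flight that checks a key table path and a credentials cache path against the Authorities table above before <span class="cmdname">kinit</span> is run. It assumes that *X, *R and *W can be approximated with the shell's <tt>test -x</tt>, <tt>-r</tt> and <tt>-w</tt> for the current user; the function names are illustrative.</p>

```shell
#!/bin/sh
# Added example: pre-flight for the Authorities table on this page.
# Assumption: the *X, *R and *W data authorities are approximated by the
# shell's test -x, -r and -w, evaluated for the user running the script.

# Every directory preceding the file must be searchable (*X).
check_dirs() {
    dir=$(dirname "$1")
    while :; do
        if [ ! -d "$dir" ] || [ ! -x "$dir" ]; then
            echo "directory not searchable (*X): $dir"
            return 1
        fi
        # Stop once dirname no longer changes ("/" or ".").
        parent=$(dirname "$dir")
        if [ "$parent" = "$dir" ]; then return 0; fi
        dir=$parent
    done
}

# Key table named with -t: *X on each directory, *R on the file.
check_keytab() {
    check_dirs "$1" || return 1
    if [ ! -f "$1" ] || [ ! -r "$1" ]; then
        echo "key table not readable (*R): $1"
        return 1
    fi
    return 0
}

# Credentials cache: *RW on an existing file, otherwise *WX on the
# parent directory so that kinit can create it.
check_ccache() {
    check_dirs "$1" || return 1
    if [ -e "$1" ]; then
        if [ ! -r "$1" ] || [ ! -w "$1" ]; then
            echo "credentials cache not read/write (*RW): $1"
            return 1
        fi
    elif [ ! -w "$(dirname "$1")" ]; then
        echo "cannot create cache, parent lacks *WX: $(dirname "$1")"
        return 1
    fi
    return 0
}

# Usage: sh preflight.sh KEYTAB [CCACHE]
if [ -n "${1:-}" ]; then check_keytab "$1"; fi
if [ -n "${2:-}" ]; then check_ccache "$2"; fi
```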
</div>
<div class="section"><h4 class="sectiontitle">Messages</h4><ul><li>The <tt>option_name</tt> option requires a value.</li>
<li><tt>command_option</tt> is not a valid command option.</li>
<li>No options allowed when renewing or validating ticket.</li>
<li>Unable to obtain name of default credentials cache.</li>
<li>Unable to resolve credentials cache <tt>file_name</tt>.</li>
<li>No initial ticket available.</li>
<li>Principal name must be specified.</li>
<li>Unable to retrieve ticket from credentials cache <tt>file_name</tt>.</li>
<li>Initial ticket is not renewable.</li>
<li><tt>option_value</tt> option is not valid for <tt>request_name</tt> request.</li>
<li>Unable to obtain initial credentials.</li>
<li>Unable to parse principal name.</li>
<li>Unable to resolve key table <tt>file_name</tt>.</li>
<li>Password is not correct for <tt>principal_name</tt>.</li>
<li>Unable to read password.</li>
<li>Unable to store initial credentials in credentials cache <tt>file_name</tt>.</li>
<li>Time delta value is not valid.</li>
</ul>
</div>
<div class="example"><p>For an example of how this command is used, see <a href="rzakhkinit.htm#rzakhkinit">Obtain or renew ticket granting tickets</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhkinit.htm" title="The kinit command obtains or renews a Kerberos ticket granting ticket.">Obtain or renew ticket granting tickets</a></div>
</div>
</div>
</body>
</html>