ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/klist.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="klist" />
<meta name="abstract" content="Use the Qshell command klist to display the contents of a Kerberos credentials cache or key table." />
<meta name="description" content="Use the Qshell command klist to display the contents of a Kerberos credentials cache or key table." />
<meta name="DC.Relation" scheme="URI" content="rzakhklist.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="klist" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>klist</title>
</head>
<body id="klist"><a name="klist"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">klist</h1>
<div><p>Use the Qshell command <span class="cmdname">klist</span> to display the
contents of a Kerberos credentials cache or key table.</p>
<div class="section"><h4 class="sectiontitle">Syntax</h4><span class="synph">klist [-a] [-e] [-c] [-f] [-s] [-k] [-t]
[-K] [filename]</span> <p>Default public authority: *USE</p>
<p>The Qshell
command <span class="cmdname">klist</span> displays the contents of a Kerberos credentials
cache or key table.</p>
</div>
<div class="section"><h4 class="sectiontitle">Options</h4><dl><dt class="dlterm">-a</dt>
<dd>Show all tickets in the credentials cache, including expired tickets.
If you do not specify this option, expired tickets are not listed. This option
is valid only when you list a credentials cache. </dd>
<dt class="dlterm">-e</dt>
<dd>Display the encryption type for the session key and the ticket. This option
is valid only when you list a credentials cache. </dd>
<dt class="dlterm">-c</dt>
<dd>List the tickets in a credentials cache. If neither the <tt>-c</tt> nor
the <tt>-k</tt> option is specified, this is the default. This option is mutually
exclusive with the <tt>-k</tt> option. </dd>
<dt class="dlterm">-f</dt>
<dd>Show the ticket flags, using the following abbreviations: 
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="void" border="0" rules="none"><thead align="left"><tr><th align="left" valign="bottom" width="27.906976744186046%" id="d0e67">Abbreviation</th>
<th align="left" valign="bottom" width="72.09302325581395%" id="d0e69">Meaning</th>
</tr>
</thead>
<tbody><tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>F</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Ticket can be forwarded</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>f</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Forwarded ticket</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>P</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Ticket can be a proxy</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>p</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Proxy ticket</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>D</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Ticket can be postdated</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>d</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Postdated ticket</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>R</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Renewable ticket</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>I</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Initial ticket</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>i</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Ticket not valid</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>A</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Preauthentication used</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>O</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Server can be a delegate</td>
</tr>
<tr><td align="center" valign="top" width="27.906976744186046%" headers="d0e67 "><strong>C</strong> </td>
<td align="left" valign="top" width="72.09302325581395%" headers="d0e69 ">Transit list checked by the Kerberos server</td>
</tr>
</tbody>
</table>
</div>
<p>This option is valid only when you list a credentials cache.</p>
</dd>
<dt class="dlterm">-s</dt>
<dd>Suppress command output, but set the exit status to 0 if a valid ticket
granting ticket is found in the credentials cache. This option is valid only
when you list a credentials cache. </dd>
<dt class="dlterm">-k</dt>
<dd> List the entries in a key table. This option is mutually exclusive with
the <strong>-c</strong> option. </dd>
<dt class="dlterm">-t</dt>
<dd>Display timestamps for key table entries. This option is valid only when
you list a key table. </dd>
<dt class="dlterm">-K</dt>
<dd>Display the encryption key value for each key table entry. This option
is valid only when you list a key table. </dd>
<dt class="dlterm">filename</dt>
<dd>Specifies the name of the credentials cache or key table. If no file name
is specified, the default credentials cache or key table is used </dd>
</dl>
</div>
<div class="section"><h4 class="sectiontitle">Authorities</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><thead align="left"><tr><th align="left" valign="bottom" width="80%" id="d0e195">Object Referred to</th>
<th align="left" valign="bottom" width="20%" id="d0e197">Authority Required</th>
</tr>
</thead>
<tbody><tr><td align="left" valign="top" width="80%" headers="d0e195 ">Each directory in the path name preceding
the file if <tt>-k</tt> option is specified as keytab</td>
<td align="left" valign="top" width="20%" headers="d0e197 ">*X</td>
</tr>
<tr><td align="left" valign="top" width="80%" headers="d0e195 ">Keytab file when <tt>-k</tt> is specified</td>
<td align="left" valign="top" width="20%" headers="d0e197 ">*R</td>
</tr>
<tr><td align="left" valign="top" width="80%" headers="d0e195 ">Each directory in the path name preceding
the credentials cache file if the <tt>-k</tt> option is not specified</td>
<td align="left" valign="top" width="20%" headers="d0e197 ">*X</td>
</tr>
<tr><td align="left" valign="top" width="80%" headers="d0e195 ">Credentials cache file if the <tt>-k</tt> option
is not specified</td>
<td align="left" valign="top" width="20%" headers="d0e197 ">*R</td>
</tr>
</tbody>
</table>
</div>
<p>To enable the Kerberos run time to find your credentials cache
file from any running process, the name of the cache file is normally stored
in the home directory in a file named <strong>krb5ccname</strong>. The storage location
of the cache file name can be overridden by setting the environment variable <strong>_EUV_SEC_KRB5CCNAME_FILE</strong>.
To access this file, the user profile must have <strong>*X</strong> authority to each
directory in the path and <strong>*R</strong> authority to the file where the cache
file name is stored. The first time that a user creates a credentials cache,
the user profile must have <strong>*WX</strong> authority to the parent directory.</p>
</div>
<div class="section"><h4 class="sectiontitle">Messages</h4><ul><li>The <tt>option_name</tt> option requires a value.</li>
<li><tt>command_option</tt> is not a valid command option.</li>
<li><tt>command_option_one</tt> and <tt>command_option_two</tt> cannot be
specified together.</li>
<li>No default credentials cache found.</li>
<li>Unable to resolve credentials cache <tt>file_name</tt>.</li>
<li>Unable to retrieve principal name from credentials cache <tt>file_name</tt>.</li>
<li>Unable to retrieve ticket from credentials cache <tt>file_name</tt>.</li>
<li>Unable to decode ticket.</li>
<li>No default key table found.</li>
<li>Unable to resolve key table <tt>file_name</tt>.</li>
</ul>
</div>
<div class="example"><p>For an example of how this command is used, see <a href="rzakhklist.htm#rzakhklist">Display credentials cache</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhklist.htm" title="The klist command displays the contents of a Kerberos credentials cache.">Display credentials cache</a></div>
</div>
</div>
</body>
</html>