klist(1)




NAME

     klist - list currently held Kerberos tickets


SYNOPSIS

     /usr/bin/klist  [-e]  [  [-c]   [-f]   [-s]   [   -a   [-n]]
     [cache_name]] [ -k [-t] [-K] [keytab_file]]


DESCRIPTION

     The klist utility prints the name of the credentials  cache,
     the  identity  of the principal that the tickets are for (as
     listed in the ticket file), and the principal names  of  all
     Kerberos  tickets currently held by the user, along with the
     issue and expiration time for each authenticator.  Principal
     names  are  listed in the form name/instance@realm, with the
     '/' omitted if the instance is not  included,  and  the  '@'
     omitted if the realm is  not included.

     If cache_file or keytab_name is not  specified,  klist  will
     display  the credentials in the default credentials cache or
     keytab files as appropriate. By default, your ticket will be
     stored in the file /tmp/krb5cc_uid, where uid is the current
     user-ID of the user.


OPTIONS

     The following options are supported:

     -a    Displays list of addresses in  credentials.  Uses  the
           configured  nameservice  to  translate numeric network
           addresses to the associated hostname if possible.

     -c [cache_name]
           Lists tickets held in a credentials cache. This is the
           default if neither -c nor -k is specified.

     -e    Displays the encryption types of the session  key  and
           the  ticket  for  each  credential  in  the credential
           cache, or each key in the keytab file.

     -f    Shows the flags present in the credentials, using  the
           following abbreviations:

           F     Forwardable

           f     forwarded

           P     Proxiable

           p     proxy

           D     postDateable
           d     postdated

           R     Renewable

           I     Initial

           i     invalid

     -k [keytab_file]
           List keys held in a keytab file.

     -K    Displays the value of the encryption key in each  key-
           tab entry in the keytab file.

     -n    Shows  numeric  IP  addresses  instead   of   reverse-
           resolving addresses. Only valid with -a option.

     -s    Causes klist to run silently (produce no output),  but
           to  still  set the exit status according to whether it
           finds the credentials cache. The exit status is  `  0'
           if  klist  finds  a  credentials cache, and ` 1' if it
           does not.

     -t    Displays the time entry  timestamps  for  each  keytab
           entry in the keytab file.


ENVIRONMENT VARIABLES

     klist uses the following environment variable:

     KRB5CCNAME
           Location of the credentials (ticket) cache.


FILES

     /tmp/krb5cc_uid
           Default credentials cache (uid is the decimal  UID  of
           the user).

     /etc/krb5/krb5.keytab
           Default location for the local host's keytab file.

     /etc/krb5/krb5.conf
           Default location for the  local  host's  configuration
           file. See krb5.conf(4).


ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWkrbu                    |
    |_____________________________|_____________________________|
    | Interface Stability         |                             |
    |_____________________________|_____________________________|
    |      Command arguments      | Evolving                    |
    |_____________________________|_____________________________|
    |      Command output         | Unstable                    |
    |_____________________________|_____________________________|


SEE ALSO

     kdestroy(1), kinit(1), krb5.conf(4), attributes(5), SEAM(5)


BUGS

     When reading a file as a service key file, very little error
     checking is performed.


Man(1) output converted with man2html