Class Kinit
- java.lang.Object
-
- com.ibm.security.krb5.internal.tools.Kinit
-
public class Kinit extends java.lang.Object
Kinit tool for obtaining Kerberos v5 tickets.- Version:
- 1.00 12 Apr 2000
-
-
Constructor Summary
Constructors Constructor and Description Kinit(java.lang.String[] args)
Constructs a new Kinit object.
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method and Description static void
main(java.lang.String[] args)
The main method is used to accept user command line input for ticket request.
-
-
-
Constructor Detail
-
Kinit
public Kinit(java.lang.String[] args) throws java.io.IOException, com.ibm.security.krb5.internal.RealmException, com.ibm.security.krb5.KrbException
Constructs a new Kinit object.- Parameters:
args
- array of ticket request options. Avaiable options are: -f, -F, -p, -P, -c, principal, password.- Throws:
java.io.IOException
- if an I/O error occurs.com.ibm.security.krb5.internal.RealmException
- if the Realm could not be instantiated.com.ibm.security.krb5.KrbException
- if error occurs during Kerberos operation.
-
-
Method Detail
-
main
public static void main(java.lang.String[] args)
The main method is used to accept user command line input for ticket request.Usage: java [options] com.ibm.security.krb5.internal.tools.Kinit [-A] [-f] [-F] [-p] [-P] [-r] [-R][-c cache name] [-k [-t keytab_file_name]] [principal] [password]
- -A do not include host addresses
- -f forwardable
- -F not forwardable
- -p proxiable
- -P not proxiable
- -r renewable
- -R not renewable
- -c cache name (i.e., FILE:d:\temp\mykrb5cc)
- -k use key tab
- -t keytab file name
- principal the principal name (i.e., qwedf qwedf@IBM.COM)
- password the principal's Kerberos password
Use java com.ibm.security.krb5.tools.Kinit -help to bring up help menu.
We currently support only file-based credentials cache to store the tickets obtained from the KDC. By default, for all Unix platforms a cache file named /tmp/krb5cc_<uid> will be generated. The <uid> is the numeric user identifier. For all other platforms, a cache file named <USER_HOME>/krb5cc_<USER_NAME> would be generated.
<USER_HOME> is obtained from
java.lang.System
property user.home. <USER_NAME> is obtained fromjava.lang.System
property user.name. If <USER_HOME> is null the cache file would be stored in the current directory that the program is running from. <USER_NAME> is operating system's login username. It could be different from user's principal name.For instance, on Windows NT, it could be c:\winnt\profiles\duke\krb5cc_duke, in which duke is the <USER_NAME>, and c:\winnt\profile\duke is the <USER_HOME>.
A single user could have multiple principal names, but the primary principal of the credentials cache could only be one, which means one cache file could only store tickets for one specific user principal. If the user switches the principal name at the next Kinit, the cache file generated for the new ticket would overwrite the old cache file by default. To avoid overwriting, you need to specify a different cache file name when you request a new ticket.
You can specify the location of the cache file by using the -c option
-
-