com.ibm.security.krb5.internal.tools

Class Kinit

  • java.lang.Object
    • com.ibm.security.krb5.internal.tools.Kinit

  • public class Kinit
extends java.lang.Object
    Kinit tool for obtaining Kerberos v5 tickets.
    Version:
    1.00 12 Apr 2000

    • Constructor Summary

      Constructors 
      Constructor and Description
      Kinit(java.lang.String[] args)
      Constructs a new Kinit object.

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method and Description
      static void main(java.lang.String[] args)
      The main method is used to accept user command line input for ticket request.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • Kinit

        public Kinit(java.lang.String[] args)
      throws java.io.IOException,
             com.ibm.security.krb5.internal.RealmException,
             com.ibm.security.krb5.KrbException
        Constructs a new Kinit object.
        Parameters:
        args - array of ticket request options. Avaiable options are: -f, -F, -p, -P, -c, principal, password.
        Throws:
        java.io.IOException - if an I/O error occurs.
        com.ibm.security.krb5.internal.RealmException - if the Realm could not be instantiated.
        com.ibm.security.krb5.KrbException - if error occurs during Kerberos operation.

    • Method Detail

      • main

        public static void main(java.lang.String[] args)
        The main method is used to accept user command line input for ticket request.

        Usage: java [options] com.ibm.security.krb5.internal.tools.Kinit [-A] [-f] [-F] [-p] [-P] [-r] [-R][-c cache name] [-k [-t keytab_file_name]] [principal] [password]

        • -A do not include host addresses
        • -f forwardable
        • -F not forwardable
        • -p proxiable
        • -P not proxiable
        • -r renewable
        • -R not renewable
        • -c cache name (i.e., FILE:d:\temp\mykrb5cc)
        • -k use key tab
        • -t keytab file name
        • principal the principal name (i.e., qwedf qwedf@IBM.COM)
        • password the principal's Kerberos password

        Use java com.ibm.security.krb5.tools.Kinit -help to bring up help menu.

        We currently support only file-based credentials cache to store the tickets obtained from the KDC. By default, for all Unix platforms a cache file named /tmp/krb5cc_<uid> will be generated. The <uid> is the numeric user identifier. For all other platforms, a cache file named <USER_HOME>/krb5cc_<USER_NAME> would be generated.

        <USER_HOME> is obtained from java.lang.System property user.home. <USER_NAME> is obtained from java.lang.System property user.name. If <USER_HOME> is null the cache file would be stored in the current directory that the program is running from. <USER_NAME> is operating system's login username. It could be different from user's principal name.

        For instance, on Windows NT, it could be c:\winnt\profiles\duke\krb5cc_duke, in which duke is the <USER_NAME>, and c:\winnt\profile\duke is the <USER_HOME>.

        A single user could have multiple principal names, but the primary principal of the credentials cache could only be one, which means one cache file could only store tickets for one specific user principal. If the user switches the principal name at the next Kinit, the cache file generated for the new ticket would overwrite the old cache file by default. To avoid overwriting, you need to specify a different cache file name when you request a new ticket.

        You can specify the location of the cache file by using the -c option

Skip navigation links

© Portions Copyright 2003, 2015 IBM Corporation. All rights reserved.
© Portions Copyright 2003, 2015, Oracle and/or its affiliates. All rights reserved.