NAME

     klist - list cached Kerberos tickets


SYNOPSIS

     klist [-5] [-4] [-e] [[-c] [-f] [-s] [-a   [-n]]]  [-k  [-t]
     [-K]] [cache_name | keytab_name]


DESCRIPTION

     Klist lists the Kerberos principal and Kerberos tickets held
     in  a  credentials cache, or the keys held in a keytab file.
     If klist was built with  Kerberos  4  support,  the  default
     behavior  is  to list both Kerberos 5 and Kerberos 4 creden-
     tials.  Otherwise, klist will default to listing  only  Ker-
     beros 5 credentials.


OPTIONS

     -5   list Kerberos 5 credentials.  This  overrides  whatever
          the  default built-in behavior may be.  This option may
          be used with -4

     -4   list Kerberos 4 credentials.  This  overrides  whatever
          the  default  built-in behavior may be.  This option is
          only available if kinit was built with Kerberos 4  com-
          patibility.  This option may be used with -5

     -e   displays the encryption types of the  session  key  and
          the ticket for each credential in the credential cache,
          or each key in the keytab file.

     -c   List tickets held in a credentials cache.  This is  the
          default if neither -c nor -k is specified.

     -f   shows the flags present in the credentials,  using  the
          following abbreviations:

               F    Forwardable
               f    forwarded
               P    Proxiable
               p    proxy
               D    postDateable
               d    postdated
               R    Renewable
               I    Initial
               i    invalid
               H    Hardware authenticated
               A    preAuthenticated
               T    Transit policy checked
               O    Okay as delegate
               a    anonymous

     -s   causes klist to run silently (produce no  output),  but
          to  still  set  the exit status according to whether it
          finds the credentials cache.  The exit status is `0' if
          klist finds a credentials cache, and `1' if it does not
          or if the tickets are
           expired.

     -a   display list of addresses in credentials.

     -n   show numeric  addresses  instead  of  reverse-resolving
          addresses.

     -k   List keys held in a keytab file.

     -t   display the time entry timestamps for each keytab entry
          in the keytab file.

     -K   display the value of the encryption key in each  keytab
          entry in the keytab file.

     If cache_name or keytab_name is not  specified,  klist  will
     display  the credentials in the default credentials cache or
     keytab file as appropriate.  If the  KRB5CCNAME  environment
     variable  is  set,  its  value  is  used to name the default
     ticket cache.


ENVIRONMENT

     Klist uses the following environment variables:

     KRB5CCNAME      Location  of  the  Kerberos  5   credentials
                     (ticket) cache.

     KRBTKFILE      Filename  of  the  Kerberos   4   credentials
                    (ticket) cache.


FILES

     /tmp/krb5cc_[uid]  default location of  Kerberos  5  creden-
                        tials  cache ([uid] is the decimal UID of
                        the user).

     /tmp/tkt[uid]  default location of  Kerberos  4  credentials
                    cache ([uid] is the decimal UID of the user).

     /etc/krb5.keytab
                    default location for the local host's  keytab
                    file.


SEE ALSO

     kinit(1), kdestroy(1), krb5(3)






Man(1) output converted with man2html