Klist
lists the Kerberos principal and Kerberos tickets held in a credentials
cache, or the keys held in a
keytab
file.
OPTIONS
-e
displays the encryption types of the session key and the ticket for each
credential in the credential cache, or each key in the keytab file.
-c
List tickets held in a credentials cache. This is the default if
neither
-c
nor
-k
is specified.
-f
shows the flags present in the credentials, using the following
abbreviations:
F Forwardable
f forwarded
P Proxiable
p proxy
D postDateable
d postdated
R Renewable
I Initial
i invalid
H Hardware authenticated
A preAuthenticated
T Transit policy checked
O Okay as delegate
a anonymous
-s
causes
klist
to run silently (produce no output), but to still set the exit status
according to whether it finds the credentials cache. The exit status is
`0' if
klist
finds a credentials cache, and `1' if it does not or if the tickets are
expired.
-a
display list of addresses in credentials.
-n
show numeric addresses instead of reverse-resolving addresses.
-k
List keys held in a
keytab
file.
-t
display the time entry timestamps for each keytab entry in the keytab
file.
-K
display the value of the encryption key in each keytab entry in the
keytab file.
If
cache_name
or
keytab_name
is not specified, klist will display the credentials in the default
credentials cache or keytab file as appropriate. If the
KRB5CCNAME
environment variable is set, its value is used to name the default
ticket cache.
ENVIRONMENT
Klist
uses the following environment variables:
KRB5CCNAME
Location of the Kerberos 5 credentials (ticket) cache.
FILES
/tmp/krb5cc_[uid]
default location of Kerberos 5 credentials cache
([uid] is the decimal UID of the user).
/etc/krb5.keytab
default location for the local host's
keytab
file.