kinit(1) - acquire initial tickets
-c cachename, --cache=cachename
        The credentials cache to put the acquired ticket in, if other than default.
-f --no-forwardable
        Get a ticket that can be forwarded to another host, or, if the negative flag is used, get a
        ticket without the forwardable flag.
-t keytabname, --keytab=keytabname
        Don't ask for a password, but instead get the key from the specified keytab.
-l time, --lifetime=time
        Specifies the lifetime of the ticket.  The argument can be given either in seconds or as a more
        human-readable string like ‘1h’.
-p, --proxiable
        Request tickets with the proxiable flag set.
-R, --renew
        Try to renew the ticket.  The ticket must have the ‘renewable’ flag set, and must not be expired.
--renewable
        The same as --renewable-life, with an infinite time.
-r time, --renewable-life=time
        The maximum renewable ticket life.
-S principal, --server=principal
        Get a ticket for a service other than krbtgt/LOCAL.REALM.
-s time, --start-time=time
        Obtain a ticket that becomes valid time seconds into the future (time can really be a generic
        time specification, like ‘1h’).
-k, --use-keytab
        The same as --keytab, but with the default keytab name (normally FILE:/etc/krb5.keytab).
-v, --validate
        Try to validate an invalid ticket.
-e, --enctypes=enctypes
        Request tickets with this particular enctype.
--password-file=filename
        Read the password from the first line of filename.  If the filename is STDIN, the password will be
        read from the standard input.
--fcache-version=version-number
        Create a credentials cache of version version-number.
-a, --extra-addresses=addresses
        Adds a set of addresses that will, in addition to the system's local addresses, be put in the
        ticket.  This can be useful if all addresses a client can use can't be automatically figured out.
        One such example is if the client is behind a firewall.  Also settable via
        libdefaults/extra_addresses in krb5.conf(5).
-A, --no-addresses
        Request a ticket with no addresses.
--anonymous
        Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal,
        typically “anonymous@REALM”).
--enterprise
        Parse principal as an enterprise (KRB5-NT-ENTERPRISE) name. Enterprise names are email-like
        principals that are stored in the name part of the principal, and since there are two @ characters
        the parser needs to know that the first is not a realm.  An example of an enterprise name is
        “lha@e.kth.se@KTH.SE”, and this option is usually used with canonicalize so that the principal
        returned from the KDC will typically be the real principal name.
--afslog
        Gets AFS tickets, converts them to version 4 format, and stores them in the kernel.  Only useful if
        you have AFS.
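
For the --enterprise option above, an added example (not taken from the kinit manual or the Heimdal source) that models why the parser must be told that the first @ is not a realm separator. It is a simplified sketch of principal parsing; the function name parse_principal and the DEFAULT_REALM value are assumptions of this example.

```python
# Added illustration: a simplified model of principal-name parsing,
# not Heimdal's implementation. DEFAULT_REALM is a constructed value.
DEFAULT_REALM = "EXAMPLE.TEST"


def parse_principal(name, enterprise=False):
    """Return (name_type, components, realm) for a principal string."""
    comps, buf = [], []
    in_realm, seen_at, i = False, 0, 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            buf.append(name[i + 1])          # escaped char is taken literally
            i += 2
            continue
        if ch == "@":
            seen_at += 1
            if enterprise and seen_at == 1:
                buf.append(ch)               # first '@' is part of the name
            elif not in_realm:
                comps.append("".join(buf))   # this '@' starts the realm
                buf, in_realm = [], True
            else:
                raise ValueError("unescaped '@' inside realm: %r" % name)
        elif ch == "/" and not in_realm and not enterprise:
            comps.append("".join(buf))       # '/' separates name components
            buf = []
        else:
            buf.append(ch)
        i += 1
    if in_realm:
        realm = "".join(buf)
    else:
        comps.append("".join(buf))           # no realm given: use the default
        realm = DEFAULT_REALM
    name_type = "KRB5-NT-ENTERPRISE" if enterprise else "KRB5-NT-PRINCIPAL"
    return name_type, comps, realm


if __name__ == "__main__":
    # The page's own example name, parsed both ways.
    print(parse_principal("lha@e.kth.se@KTH.SE", enterprise=True))
    try:
        parse_principal("lha@e.kth.se@KTH.SE")
    except ValueError as exc:
        print("default parser:", exc)
```

In this model the same account string yields a different name type depending on the flag, which is why logs and access rules should compare the principal returned by the KDC rather than the string the user typed.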