-c cachename --cache=cachename
The credentials cache to put the acquired ticket in, if other than default.
|
-f --no-forwardable
Get ticket that can be forwarded to another host, or if the negative flags use, don't get a
forwardable flag.
|
-t keytabname, --keytab=keytabname
Don't ask for a password, but instead get the key from the specified keytab.
|
-l time, --lifetime=time
Specifies the lifetime of the ticket. The argument can either be in seconds, or a more human
readable string like ‘1h’.
|
-p, --proxiable
Request tickets with the proxiable flag set.
|
-R, --renew
Try to renew ticket. The ticket must have the ‘renewable’ flag set, and must not be expired.
|
--renewable
The same as --renewable-life, with an infinite time.
|
-r time, --renewable-life=time
The max renewable ticket life.
|
-S principal, --server=principal
Get a ticket for a service other than krbtgt/LOCAL.REALM.
|
-s time, --start-time=time
Obtain a ticket that starts to be valid time (which can really be a generic time specification,
like ‘1h’) seconds into the future.
|
-k, --use-keytab
The same as --keytab, but with the default keytab name (normally FILE:/etc/krb5.keytab).
|
-v, --validate
Try to validate an invalid ticket.
|
-e, --enctypes=enctypes
Request tickets with this particular enctype.
|
--password-file=filename
read the password from the first line of filename. If the filename is STDIN, the password will be
read from the standard input.
|
--fcache-version=version-number
Create a credentials cache of version version-number.
|
-a, --extra-addresses=enctypes
Adds a set of addresses that will, in addition to the systems local addresses, be put in the
ticket. This can be useful if all addresses a client can use can't be automatically figured out.
One such example is if the client is behind a firewall. Also settable via
libdefaults/extra_addresses in krb5.conf(5).
|
-A, --no-addresses
Request a ticket with no addresses.
|
--anonymous
Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal,
typically “anonymous@REALM”).
|
--enterprise
Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise names are email like
principals that are stored in the name part of the principal, and since there are two @ characters
the parser needs to know that the first is not a realm. An example of an enterprise name is
“lha@e.kth.se@KTH.SE”, and this option is usually used with canonicalize so that the principal
returned from the KDC will typically be the real principal name.
|
--afslog
Gets AFS tickets, converts them to version 4 format, and stores them in the kernel. Only useful if
you have AFS.
|