|
jpayne@68
|
1 .\" Man page generated from reStructuredText.
|
|
jpayne@68
|
2 .
|
|
jpayne@68
|
3 .TH "KVNO" "1" " " "1.20.1" "MIT Kerberos"
|
|
jpayne@68
|
4 .SH NAME
|
|
jpayne@68
|
5 kvno \- print key version numbers of Kerberos principals
|
|
jpayne@68
|
6 .
|
|
jpayne@68
|
7 .nr rst2man-indent-level 0
|
|
jpayne@68
|
8 .
|
|
jpayne@68
|
9 .de1 rstReportMargin
|
|
jpayne@68
|
10 \\$1 \\n[an-margin]
|
|
jpayne@68
|
11 level \\n[rst2man-indent-level]
|
|
jpayne@68
|
12 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
jpayne@68
|
13 -
|
|
jpayne@68
|
14 \\n[rst2man-indent0]
|
|
jpayne@68
|
15 \\n[rst2man-indent1]
|
|
jpayne@68
|
16 \\n[rst2man-indent2]
|
|
jpayne@68
|
17 ..
|
|
jpayne@68
|
18 .de1 INDENT
|
|
jpayne@68
|
19 .\" .rstReportMargin pre:
|
|
jpayne@68
|
20 . RS \\$1
|
|
jpayne@68
|
21 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
jpayne@68
|
22 . nr rst2man-indent-level +1
|
|
jpayne@68
|
23 .\" .rstReportMargin post:
|
|
jpayne@68
|
24 ..
|
|
jpayne@68
|
25 .de UNINDENT
|
|
jpayne@68
|
26 . RE
|
|
jpayne@68
|
27 .\" indent \\n[an-margin]
|
|
jpayne@68
|
28 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
jpayne@68
|
29 .nr rst2man-indent-level -1
|
|
jpayne@68
|
30 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
jpayne@68
|
31 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
jpayne@68
|
32 ..
|
|
jpayne@68
|
33 .SH SYNOPSIS
|
|
jpayne@68
|
34 .sp
|
|
jpayne@68
|
35 \fBkvno\fP
|
|
jpayne@68
|
36 [\fB\-c\fP \fIccache\fP]
|
|
jpayne@68
|
37 [\fB\-e\fP \fIetype\fP]
|
|
jpayne@68
|
38 [\fB\-k\fP \fIkeytab\fP]
|
|
jpayne@68
|
39 [\fB\-q\fP]
|
|
jpayne@68
|
40 [\fB\-u\fP | \fB\-S\fP \fIsname\fP]
|
|
jpayne@68
|
41 [\fB\-P\fP]
|
|
jpayne@68
|
42 [\fB\-\-cached\-only\fP]
|
|
jpayne@68
|
43 [\fB\-\-no\-store\fP]
|
|
jpayne@68
|
44 [\fB\-\-out\-cache\fP \fIcache\fP]
|
|
jpayne@68
|
45 [[{\fB\-F\fP \fIcert_file\fP | {\fB\-I\fP | \fB\-U\fP} \fIfor_user\fP} [\fB\-P\fP]] | \fB\-\-u2u\fP \fIccache\fP]
|
|
jpayne@68
|
46 \fIservice1 service2\fP ...
|
|
jpayne@68
|
47 .SH DESCRIPTION
|
|
jpayne@68
|
48 .sp
|
|
jpayne@68
|
49 kvno acquires a service ticket for the specified Kerberos principals
|
|
jpayne@68
|
50 and prints out the key version numbers of each.
|
|
jpayne@68
|
51 .SH OPTIONS
|
|
jpayne@68
|
52 .INDENT 0.0
|
|
jpayne@68
|
53 .TP
|
|
jpayne@68
|
54 \fB\-c\fP \fIccache\fP
|
|
jpayne@68
|
55 Specifies the name of a credentials cache to use (if not the
|
|
jpayne@68
|
56 default)
|
|
jpayne@68
|
57 .TP
|
|
jpayne@68
|
58 \fB\-e\fP \fIetype\fP
|
|
jpayne@68
|
59 Specifies the enctype which will be requested for the session key
|
|
jpayne@68
|
60 of all the services named on the command line. This is useful in
|
|
jpayne@68
|
61 certain backward compatibility situations.
|
|
jpayne@68
|
62 .TP
|
|
jpayne@68
|
63 \fB\-k\fP \fIkeytab\fP
|
|
jpayne@68
|
64 Decrypt the acquired tickets using \fIkeytab\fP to confirm their
|
|
jpayne@68
|
65 validity.
|
|
jpayne@68
|
66 .TP
|
|
jpayne@68
|
67 \fB\-q\fP
|
|
jpayne@68
|
68 Suppress printing output when successful. If a service ticket
|
|
jpayne@68
|
69 cannot be obtained, an error message will still be printed and
|
|
jpayne@68
|
70 kvno will exit with nonzero status.
|
|
jpayne@68
|
71 .TP
|
|
jpayne@68
|
72 \fB\-u\fP
|
|
jpayne@68
|
73 Use the unknown name type in requested service principal names.
|
|
jpayne@68
|
74 This option Cannot be used with \fI\-S\fP\&.
|
|
jpayne@68
|
75 .TP
|
|
jpayne@68
|
76 \fB\-P\fP
|
|
jpayne@68
|
77 Specifies that the \fIservice1 service2\fP ... arguments are to be
|
|
jpayne@68
|
78 treated as services for which credentials should be acquired using
|
|
jpayne@68
|
79 constrained delegation. This option is only valid when used in
|
|
jpayne@68
|
80 conjunction with protocol transition.
|
|
jpayne@68
|
81 .TP
|
|
jpayne@68
|
82 \fB\-S\fP \fIsname\fP
|
|
jpayne@68
|
83 Specifies that the \fIservice1 service2\fP ... arguments are
|
|
jpayne@68
|
84 interpreted as hostnames, and the service principals are to be
|
|
jpayne@68
|
85 constructed from those hostnames and the service name \fIsname\fP\&.
|
|
jpayne@68
|
86 The service hostnames will be canonicalized according to the usual
|
|
jpayne@68
|
87 rules for constructing service principals.
|
|
jpayne@68
|
88 .TP
|
|
jpayne@68
|
89 \fB\-I\fP \fIfor_user\fP
|
|
jpayne@68
|
90 Specifies that protocol transition (S4U2Self) is to be used to
|
|
jpayne@68
|
91 acquire a ticket on behalf of \fIfor_user\fP\&. If constrained
|
|
jpayne@68
|
92 delegation is not requested, the service name must match the
|
|
jpayne@68
|
93 credentials cache client principal.
|
|
jpayne@68
|
94 .TP
|
|
jpayne@68
|
95 \fB\-U\fP \fIfor_user\fP
|
|
jpayne@68
|
96 Same as \-I, but treats \fIfor_user\fP as an enterprise name.
|
|
jpayne@68
|
97 .TP
|
|
jpayne@68
|
98 \fB\-F\fP \fIcert_file\fP
|
|
jpayne@68
|
99 Specifies that protocol transition is to be used, identifying the
|
|
jpayne@68
|
100 client principal with the X.509 certificate in \fIcert_file\fP\&. The
|
|
jpayne@68
|
101 certificate file must be in PEM format.
|
|
jpayne@68
|
102 .TP
|
|
jpayne@68
|
103 \fB\-\-cached\-only\fP
|
|
jpayne@68
|
104 Only retrieve credentials already present in the cache, not from
|
|
jpayne@68
|
105 the KDC. (Added in release 1.19.)
|
|
jpayne@68
|
106 .TP
|
|
jpayne@68
|
107 \fB\-\-no\-store\fP
|
|
jpayne@68
|
108 Do not store retrieved credentials in the cache. If
|
|
jpayne@68
|
109 \fB\-\-out\-cache\fP is also specified, credentials will still be
|
|
jpayne@68
|
110 stored into the output credential cache. (Added in release 1.19.)
|
|
jpayne@68
|
111 .TP
|
|
jpayne@68
|
112 \fB\-\-out\-cache\fP \fIccache\fP
|
|
jpayne@68
|
113 Initialize \fIccache\fP and store all retrieved credentials into it.
|
|
jpayne@68
|
114 Do not store acquired credentials in the input cache. (Added in
|
|
jpayne@68
|
115 release 1.19.)
|
|
jpayne@68
|
116 .TP
|
|
jpayne@68
|
117 \fB\-\-u2u\fP \fIccache\fP
|
|
jpayne@68
|
118 Requests a user\-to\-user ticket. \fIccache\fP must contain a local
|
|
jpayne@68
|
119 krbtgt ticket for the server principal. The reported version
|
|
jpayne@68
|
120 number will typically be 0, as the resulting ticket is not
|
|
jpayne@68
|
121 encrypted in the server\(aqs long\-term key.
|
|
jpayne@68
|
122 .UNINDENT
|
|
jpayne@68
|
123 .SH ENVIRONMENT
|
|
jpayne@68
|
124 .sp
|
|
jpayne@68
|
125 See kerberos(7) for a description of Kerberos environment
|
|
jpayne@68
|
126 variables.
|
|
jpayne@68
|
127 .SH FILES
|
|
jpayne@68
|
128 .INDENT 0.0
|
|
jpayne@68
|
129 .TP
|
|
jpayne@68
|
130 .B \fBFILE:/tmp/krb5cc_%{uid}\fP
|
|
jpayne@68
|
131 Default location of the credentials cache
|
|
jpayne@68
|
132 .UNINDENT
|
|
jpayne@68
|
133 .SH SEE ALSO
|
|
jpayne@68
|
134 .sp
|
|
jpayne@68
|
135 kinit(1), kdestroy(1), kerberos(7)
|
|
jpayne@68
|
136 .SH AUTHOR
|
|
jpayne@68
|
137 MIT
|
|
jpayne@68
|
138 .SH COPYRIGHT
|
|
jpayne@68
|
139 1985-2022, MIT
|
|
jpayne@68
|
140 .\" Generated by docutils manpage writer.
|
|
jpayne@68
|
141 .
|
