jpayne@68: .\" Man page generated from reStructuredText.
jpayne@68: .
jpayne@68: .TH "KVNO" "1" " " "1.20.1" "MIT Kerberos"
jpayne@68: .SH NAME
jpayne@68: kvno \- print key version numbers of Kerberos principals
jpayne@68: .
jpayne@68: .nr rst2man-indent-level 0
jpayne@68: .
jpayne@68: .de1 rstReportMargin
jpayne@68: \\$1 \\n[an-margin]
jpayne@68: level \\n[rst2man-indent-level]
jpayne@68: level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
jpayne@68: -
jpayne@68: \\n[rst2man-indent0]
jpayne@68: \\n[rst2man-indent1]
jpayne@68: \\n[rst2man-indent2]
jpayne@68: ..
jpayne@68: .de1 INDENT
jpayne@68: .\" .rstReportMargin pre:
jpayne@68: . RS \\$1
jpayne@68: . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
jpayne@68: . nr rst2man-indent-level +1
jpayne@68: .\" .rstReportMargin post:
jpayne@68: ..
jpayne@68: .de UNINDENT
jpayne@68: . RE
jpayne@68: .\" indent \\n[an-margin]
jpayne@68: .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
jpayne@68: .nr rst2man-indent-level -1
jpayne@68: .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
jpayne@68: .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
jpayne@68: ..
jpayne@68: .SH SYNOPSIS
jpayne@68: .sp
jpayne@68: \fBkvno\fP
jpayne@68: [\fB\-c\fP \fIccache\fP]
jpayne@68: [\fB\-e\fP \fIetype\fP]
jpayne@68: [\fB\-k\fP \fIkeytab\fP]
jpayne@68: [\fB\-q\fP]
jpayne@68: [\fB\-u\fP | \fB\-S\fP \fIsname\fP]
jpayne@68: [\fB\-P\fP]
jpayne@68: [\fB\-\-cached\-only\fP]
jpayne@68: [\fB\-\-no\-store\fP]
jpayne@68: [\fB\-\-out\-cache\fP \fIcache\fP]
jpayne@68: [[{\fB\-F\fP \fIcert_file\fP | {\fB\-I\fP | \fB\-U\fP} \fIfor_user\fP} [\fB\-P\fP]] | \fB\-\-u2u\fP \fIccache\fP]
jpayne@68: \fIservice1 service2\fP ...
jpayne@68: .SH DESCRIPTION
jpayne@68: .sp
jpayne@68: kvno acquires a service ticket for the specified Kerberos principals
jpayne@68: and prints out the key version numbers of each.
jpayne@68: .SH OPTIONS
jpayne@68: .INDENT 0.0
jpayne@68: .TP
jpayne@68: \fB\-c\fP \fIccache\fP
jpayne@68: Specifies the name of a credentials cache to use (if not the
jpayne@68: default)
jpayne@68: .TP
jpayne@68: \fB\-e\fP \fIetype\fP
jpayne@68: Specifies the enctype which will be requested for the session key
jpayne@68: of all the services named on the command line.  This is useful in
jpayne@68: certain backward compatibility situations.
jpayne@68: .TP
jpayne@68: \fB\-k\fP \fIkeytab\fP
jpayne@68: Decrypt the acquired tickets using \fIkeytab\fP to confirm their
jpayne@68: validity.
jpayne@68: .TP
jpayne@68: \fB\-q\fP
jpayne@68: Suppress printing output when successful.  If a service ticket
jpayne@68: cannot be obtained, an error message will still be printed and
jpayne@68: kvno will exit with nonzero status.
jpayne@68: .TP
jpayne@68: \fB\-u\fP
jpayne@68: Use the unknown name type in requested service principal names.
jpayne@68: This option Cannot be used with \fI\-S\fP\&.
jpayne@68: .TP
jpayne@68: \fB\-P\fP
jpayne@68: Specifies that the \fIservice1 service2\fP ...  arguments are to be
jpayne@68: treated as services for which credentials should be acquired using
jpayne@68: constrained delegation.  This option is only valid when used in
jpayne@68: conjunction with protocol transition.
jpayne@68: .TP
jpayne@68: \fB\-S\fP \fIsname\fP
jpayne@68: Specifies that the \fIservice1 service2\fP ... arguments are
jpayne@68: interpreted as hostnames, and the service principals are to be
jpayne@68: constructed from those hostnames and the service name \fIsname\fP\&.
jpayne@68: The service hostnames will be canonicalized according to the usual
jpayne@68: rules for constructing service principals.
jpayne@68: .TP
jpayne@68: \fB\-I\fP \fIfor_user\fP
jpayne@68: Specifies that protocol transition (S4U2Self) is to be used to
jpayne@68: acquire a ticket on behalf of \fIfor_user\fP\&.  If constrained
jpayne@68: delegation is not requested, the service name must match the
jpayne@68: credentials cache client principal.
jpayne@68: .TP
jpayne@68: \fB\-U\fP \fIfor_user\fP
jpayne@68: Same as \-I, but treats \fIfor_user\fP as an enterprise name.
jpayne@68: .TP
jpayne@68: \fB\-F\fP \fIcert_file\fP
jpayne@68: Specifies that protocol transition is to be used, identifying the
jpayne@68: client principal with the X.509 certificate in \fIcert_file\fP\&.  The
jpayne@68: certificate file must be in PEM format.
jpayne@68: .TP
jpayne@68: \fB\-\-cached\-only\fP
jpayne@68: Only retrieve credentials already present in the cache, not from
jpayne@68: the KDC.  (Added in release 1.19.)
jpayne@68: .TP
jpayne@68: \fB\-\-no\-store\fP
jpayne@68: Do not store retrieved credentials in the cache.  If
jpayne@68: \fB\-\-out\-cache\fP is also specified, credentials will still be
jpayne@68: stored into the output credential cache.  (Added in release 1.19.)
jpayne@68: .TP
jpayne@68: \fB\-\-out\-cache\fP \fIccache\fP
jpayne@68: Initialize \fIccache\fP and store all retrieved credentials into it.
jpayne@68: Do not store acquired credentials in the input cache.  (Added in
jpayne@68: release 1.19.)
jpayne@68: .TP
jpayne@68: \fB\-\-u2u\fP \fIccache\fP
jpayne@68: Requests a user\-to\-user ticket.  \fIccache\fP must contain a local
jpayne@68: krbtgt ticket for the server principal.  The reported version
jpayne@68: number will typically be 0, as the resulting ticket is not
jpayne@68: encrypted in the server\(aqs long\-term key.
jpayne@68: .UNINDENT
jpayne@68: .SH ENVIRONMENT
jpayne@68: .sp
jpayne@68: See kerberos(7) for a description of Kerberos environment
jpayne@68: variables.
jpayne@68: .SH FILES
jpayne@68: .INDENT 0.0
jpayne@68: .TP
jpayne@68: .B \fBFILE:/tmp/krb5cc_%{uid}\fP
jpayne@68: Default location of the credentials cache
jpayne@68: .UNINDENT
jpayne@68: .SH SEE ALSO
jpayne@68: .sp
jpayne@68: kinit(1), kdestroy(1), kerberos(7)
jpayne@68: .SH AUTHOR
jpayne@68: MIT
jpayne@68: .SH COPYRIGHT
jpayne@68: 1985-2022, MIT
jpayne@68: .\" Generated by docutils manpage writer.
jpayne@68: .