1KLIST(1)                    General Commands Manual                   KLIST(1)
2
3
4

NAME

6       klist - list cached Kerberos tickets
7

SYNOPSIS

9       klist  [-e]  [[-c]  [-l]  [-A]  [-f]  [-s]  [-a   [-n]]] [-k [-t] [-K]]
10       [cache_name | keytab_name]
11

DESCRIPTION

13       Klist lists the Kerberos principal and Kerberos tickets held in a  cre‐
14       dentials cache, or the keys held in a keytab file.
15

OPTIONS

17       -e     displays  the encryption types of the session key and the ticket
18              for each credential in the credential cache, or each key in  the
19              keytab file.
20
21       -c     List  tickets  held in a credentials cache.  This is the default
22              if neither -c nor -k is specified.
23
24       -l     If a cache collection is available, displays a table summarizing
25              the caches present in the collection.
26
27       -A     If a cache collection is available, displays the contents of all
28              of the caches in the collection.
29
30       -f     shows the flags present in the credentials, using the  following
31              abbreviations:
32
33                   F    Forwardable
34                   f    forwarded
35                   P    Proxiable
36                   p    proxy
37                   D    postDateable
38                   d    postdated
39                   R    Renewable
40                   I    Initial
41                   i    invalid
42                   H    Hardware authenticated
43                   A    preAuthenticated
44                   T    Transit policy checked
45                   O    Okay as delegate
46                   a    anonymous
47
48       -s     causes  klist  to run silently (produce no output), but to still
49              set the exit status according to whether it  finds  the  creden‐
50              tials  cache.   The  exit status is `0' if klist finds a creden‐
51              tials cache, and `1' if it does not or if the tickets are
52               expired.
53
54       -a     display list of addresses in credentials.
55
56       -n     show numeric addresses instead of reverse-resolving addresses.
57
58       -k     List keys held in a keytab file.
59
60       -t     display the time entry timestamps for each keytab entry  in  the
61              keytab file.
62
63       -K     display  the value of the encryption key in each keytab entry in
64              the keytab file.
65
66       -V     display the Kerberos version number and exit.
67
68       If cache_name or keytab_name is not specified, klist will  display  the
69       credentials  in  the default credentials cache or keytab file as appro‐
70       priate.  If the KRB5CCNAME environment variable is set,  its  value  is
71       used to name the default ticket cache.
72

ENVIRONMENT

74       Klist uses the following environment variables:
75
76       KRB5CCNAME      Location of the default Kerberos 5 credentials (ticket)
77                       cache, in the form type:residual.  If no type prefix is
78                       present,  the  FILE  type  is assumed.  The type of the
79                       default cache may determine the availability of a cache
80                       collection;  for  instance, a default cache of type DIR
81                       causes caches within the directory to be present in the
82                       collection.
83

FILES

85       /tmp/krb5cc_[uid]  default  location  of  Kerberos  5 credentials cache
86                          ([uid] is the decimal UID of the user).
87
88       /etc/krb5.keytab   default location for the local host's keytab file.
89

SEE ALSO

91       kinit(1), kdestroy(1), krb5(3)
92
93
94
95                                                                      KLIST(1)
Impressum