1KVNO(1)                          MIT Kerberos                          KVNO(1)
2
3
4

NAME

6       kvno - print key version numbers of Kerberos principals
7

SYNOPSIS

9       kvno  [-c  ccache]  [-e  etype] [-q] [-h] [-P] [-S sname] [-U for_user]
10       [--u2u ccache] service1 service2 ...
11

DESCRIPTION

13       kvno acquires a service ticket for the  specified  Kerberos  principals
14       and prints out the key version numbers of each.
15

OPTIONS

17       -c ccache
18              Specifies  the  name  of  a credentials cache to use (if not the
19              default)
20
21       -e etype
22              Specifies the enctype which will be requested  for  the  session
23              key of all the services named on the command line.  This is use‐
24              ful in certain backward compatibility situations.
25
26       -q     Suppress printing output when successful.  If a  service  ticket
27              cannot  be  obtained, an error message will still be printed and
28              kvno will exit with nonzero status.
29
30       -h     Prints a usage statement and exits.
31
32       -P     Specifies that the service1 service2 ...  arguments  are  to  be
33              treated  as  services  for  which credentials should be acquired
34              using constrained delegation.  This option is  only  valid  when
35              used in conjunction with protocol transition.
36
37       -S sname
38              Specifies  that  the  service1 service2 ... arguments are inter‐
39              preted as hostnames, and the service principals are to  be  con‐
40              structed  from  those hostnames and the service name sname.  The
41              service hostnames will be canonicalized according to  the  usual
42              rules for constructing service principals.
43
44       -U for_user
45              Specifies  that  protocol transition (S4U2Self) is to be used to
46              acquire a ticket on behalf of for_user.  If constrained  delega‐
47              tion  is  not requested, the service name must match the creden‐
48              tials cache client principal.
49
50       --u2u ccache
51              Requests a user-to-user ticket.  ccache  must  contain  a  local
52              krbtgt  ticket  for  the server principal.  The reported version
53              number will typically be 0,  as  the  resulting  ticket  is  not
54              encrypted in the server's long-term key.
55

ENVIRONMENT

57       See kerberos(7) for a description of Kerberos environment variables.
58

FILES

60       FILE:/tmp/krb5cc_%{uid}
61              Default location of the credentials cache
62

SEE ALSO

64       kinit(1), kdestroy(1), kerberos(7)
65

AUTHOR

67       MIT
68
70       1985-2019, MIT
71
72
73
74
751.17                                                                   KVNO(1)
Impressum