1KVNO(1)                          MIT Kerberos                          KVNO(1)
2
3
4

NAME

6       kvno - print key version numbers of Kerberos principals
7

SYNOPSIS

9       kvno [-c ccache] [-e etype] [-q] [-h] [-P] [-S sname] [-I for_user] [-U
10       for_user] [-F cert_file] [--u2u ccache] service1 service2 ...
11

DESCRIPTION

13       kvno acquires a service ticket for the  specified  Kerberos  principals
14       and prints out the key version numbers of each.
15

OPTIONS

17       -c ccache
18              Specifies  the  name  of  a credentials cache to use (if not the
19              default)
20
21       -e etype
22              Specifies the enctype which will be requested  for  the  session
23              key of all the services named on the command line.  This is use‐
24              ful in certain backward compatibility situations.
25
26       -q     Suppress printing output when successful.  If a  service  ticket
27              cannot  be  obtained, an error message will still be printed and
28              kvno will exit with nonzero status.
29
30       -h     Prints a usage statement and exits.
31
32       -P     Specifies that the service1 service2 ...  arguments  are  to  be
33              treated  as  services  for  which credentials should be acquired
34              using constrained delegation.  This option is  only  valid  when
35              used in conjunction with protocol transition.
36
37       -S sname
38              Specifies  that  the  service1 service2 ... arguments are inter‐
39              preted as hostnames, and the service principals are to  be  con‐
40              structed  from  those hostnames and the service name sname.  The
41              service hostnames will be canonicalized according to  the  usual
42              rules for constructing service principals.
43
44       -I for_user
45              Specifies  that  protocol transition (S4U2Self) is to be used to
46              acquire a ticket on behalf of for_user.  If constrained  delega‐
47              tion  is  not requested, the service name must match the creden‐
48              tials cache client principal.
49
50       -U for_user
51              Same as -I, but treats for_user as an enterprise name.
52
53       -F cert_file
54              Specifies that protocol transition is to  be  used,  identifying
55              the  client  principal  with the X.509 certificate in cert_file.
56              The certificate file must be in PEM format.
57
58       --u2u ccache
59              Requests a user-to-user ticket.  ccache  must  contain  a  local
60              krbtgt  ticket  for  the server principal.  The reported version
61              number will typically be 0,  as  the  resulting  ticket  is  not
62              encrypted in the server's long-term key.
63

ENVIRONMENT

65       See kerberos(7) for a description of Kerberos environment variables.
66

FILES

68       FILE:/tmp/krb5cc_%{uid}
69              Default location of the credentials cache
70

SEE ALSO

72       kinit(1), kdestroy(1), kerberos(7)
73

AUTHOR

75       MIT
76

COPYRIGHT

78       1985-2020, MIT
79
80
81
82
831.18                                                                   KVNO(1)