1KVNO(1) MIT Kerberos KVNO(1)
2
3
4
6 kvno - print key version numbers of Kerberos principals
7
9 kvno [-c ccache] [-e etype] [-q] [-h] [-P] [-S sname] [-I for_user] [-U
10 for_user] [-F cert_file] [--u2u ccache] service1 service2 ...
11
13 kvno acquires a service ticket for the specified Kerberos principals
14 and prints out the key version numbers of each.
15
17 -c ccache
18 Specifies the name of a credentials cache to use (if not the
19 default)
20
21 -e etype
22 Specifies the enctype which will be requested for the session
23 key of all the services named on the command line. This is use‐
24 ful in certain backward compatibility situations.
25
26 -q Suppress printing output when successful. If a service ticket
27 cannot be obtained, an error message will still be printed and
28 kvno will exit with nonzero status.
29
30 -h Prints a usage statement and exits.
31
32 -P Specifies that the service1 service2 ... arguments are to be
33 treated as services for which credentials should be acquired
34 using constrained delegation. This option is only valid when
35 used in conjunction with protocol transition.
36
37 -S sname
38 Specifies that the service1 service2 ... arguments are inter‐
39 preted as hostnames, and the service principals are to be con‐
40 structed from those hostnames and the service name sname. The
41 service hostnames will be canonicalized according to the usual
42 rules for constructing service principals.
43
44 -I for_user
45 Specifies that protocol transition (S4U2Self) is to be used to
46 acquire a ticket on behalf of for_user. If constrained delega‐
47 tion is not requested, the service name must match the creden‐
48 tials cache client principal.
49
50 -U for_user
51 Same as -I, but treats for_user as an enterprise name.
52
53 -F cert_file
54 Specifies that protocol transition is to be used, identifying
55 the client principal with the X.509 certificate in cert_file.
56 The certificate file must be in PEM format.
57
58 --u2u ccache
59 Requests a user-to-user ticket. ccache must contain a local
60 krbtgt ticket for the server principal. The reported version
61 number will typically be 0, as the resulting ticket is not
62 encrypted in the server's long-term key.
63
65 See kerberos(7) for a description of Kerberos environment variables.
66
68 FILE:/tmp/krb5cc_%{uid}
69 Default location of the credentials cache
70
72 kinit(1), kdestroy(1), kerberos(7)
73
75 MIT
76
78 1985-2020, MIT
79
80
81
82
831.18 KVNO(1)