1KVNO(1) MIT Kerberos KVNO(1)
2
3
4
6 kvno - print key version numbers of Kerberos principals
7
9 kvno [-c ccache] [-e etype] [-q] [-u | -S sname] [-P] [[{-F cert_file |
10 {-I | -U} for_user} [-P]] | --u2u ccache] service1 service2 ...
11
13 kvno acquires a service ticket for the specified Kerberos principals
14 and prints out the key version numbers of each.
15
17 -c ccache
18 Specifies the name of a credentials cache to use (if not the
19 default)
20
21 -e etype
22 Specifies the enctype which will be requested for the session
23 key of all the services named on the command line. This is use‐
24 ful in certain backward compatibility situations.
25
26 -k keytab
27 Decrypt the acquired tickets using keytab to confirm their
28 validity.
29
30 -q Suppress printing output when successful. If a service ticket
31 cannot be obtained, an error message will still be printed and
32 kvno will exit with nonzero status.
33
34 -u Use the unknown name type in requested service principal names.
35 This option Cannot be used with -S.
36
37 -P Specifies that the service1 service2 ... arguments are to be
38 treated as services for which credentials should be acquired
39 using constrained delegation. This option is only valid when
40 used in conjunction with protocol transition.
41
42 -S sname
43 Specifies that the service1 service2 ... arguments are inter‐
44 preted as hostnames, and the service principals are to be con‐
45 structed from those hostnames and the service name sname. The
46 service hostnames will be canonicalized according to the usual
47 rules for constructing service principals.
48
49 -I for_user
50 Specifies that protocol transition (S4U2Self) is to be used to
51 acquire a ticket on behalf of for_user. If constrained delega‐
52 tion is not requested, the service name must match the creden‐
53 tials cache client principal.
54
55 -U for_user
56 Same as -I, but treats for_user as an enterprise name.
57
58 -F cert_file
59 Specifies that protocol transition is to be used, identifying
60 the client principal with the X.509 certificate in cert_file.
61 The certificate file must be in PEM format.
62
63 --cached-only
64 Only retrieve credentials already present in the cache, not from
65 the KDC. (Added in release 1.19.)
66
67 --no-store
68 Do not store retrieved credentials in the cache. If --out-cache
69 is also specified, credentials will still be stored into the
70 output credential cache. (Added in release 1.19.)
71
72 --out-cache ccache
73 Initialize ccache and store all retrieved credentials into it.
74 Do not store acquired credentials in the input cache. (Added in
75 release 1.19.)
76
77 --u2u ccache
78 Requests a user-to-user ticket. ccache must contain a local
79 krbtgt ticket for the server principal. The reported version
80 number will typically be 0, as the resulting ticket is not
81 encrypted in the server's long-term key.
82
84 See kerberos(7) for a description of Kerberos environment variables.
85
87 FILE:/tmp/krb5cc_%{uid}
88 Default location of the credentials cache
89
91 kinit(1), kdestroy(1), kerberos(7)
92
94 MIT
95
97 1985-2020, MIT
98
99
100
101
1021.18.2 KVNO(1)