1KVNO(1)                          MIT Kerberos                          KVNO(1)
2
3
4

NAME

6       kvno - print key version numbers of Kerberos principals
7

SYNOPSIS

9       kvno  [-c  ccache]  [-e  etype]  [-k  keytab] [-q] [-u | -S sname] [-P]
10       [--cached-only] [--no-store] [--out-cache cache] [[{-F cert_file |  {-I
11       | -U} for_user} [-P]] | --u2u ccache] service1 service2 ...
12

DESCRIPTION

14       kvno  acquires  a  service ticket for the specified Kerberos principals
15       and prints out the key version numbers of each.
16

OPTIONS

18       -c ccache
19              Specifies the name of a credentials cache to use (if not the de‐
20              fault)
21
22       -e etype
23              Specifies  the  enctype  which will be requested for the session
24              key of all the services named on the command line.  This is use‐
25              ful in certain backward compatibility situations.
26
27       -k keytab
28              Decrypt  the  acquired tickets using keytab to confirm their va‐
29              lidity.
30
31       -q     Suppress printing output when successful.  If a  service  ticket
32              cannot  be  obtained, an error message will still be printed and
33              kvno will exit with nonzero status.
34
35       -u     Use the unknown name type in requested service principal  names.
36              This option Cannot be used with -S.
37
38       -P     Specifies  that  the  service1 service2 ...  arguments are to be
39              treated as services for which credentials should be acquired us‐
40              ing constrained delegation.  This option is only valid when used
41              in conjunction with protocol transition.
42
43       -S sname
44              Specifies that the service1 service2 ...  arguments  are  inter‐
45              preted  as  hostnames, and the service principals are to be con‐
46              structed from those hostnames and the service name  sname.   The
47              service  hostnames  will be canonicalized according to the usual
48              rules for constructing service principals.
49
50       -I for_user
51              Specifies that protocol transition (S4U2Self) is to be  used  to
52              acquire  a ticket on behalf of for_user.  If constrained delega‐
53              tion is not requested, the service name must match  the  creden‐
54              tials cache client principal.
55
56       -U for_user
57              Same as -I, but treats for_user as an enterprise name.
58
59       -F cert_file
60              Specifies  that  protocol  transition is to be used, identifying
61              the client principal with the X.509  certificate  in  cert_file.
62              The certificate file must be in PEM format.
63
64       --cached-only
65              Only retrieve credentials already present in the cache, not from
66              the KDC.  (Added in release 1.19.)
67
68       --no-store
69              Do not store retrieved credentials in the cache.  If --out-cache
70              is  also  specified,  credentials  will still be stored into the
71              output credential cache.  (Added in release 1.19.)
72
73       --out-cache ccache
74              Initialize ccache and store all retrieved credentials  into  it.
75              Do not store acquired credentials in the input cache.  (Added in
76              release 1.19.)
77
78       --u2u ccache
79              Requests a user-to-user ticket.  ccache  must  contain  a  local
80              krbtgt  ticket  for  the server principal.  The reported version
81              number will typically be 0, as the resulting ticket is  not  en‐
82              crypted in the server's long-term key.
83

ENVIRONMENT

85       See kerberos for a description of Kerberos environment variables.
86

FILES

88       FILE:/tmp/krb5cc_%{uid}
89              Default location of the credentials cache
90

SEE ALSO

92       kinit, kdestroy, kerberos
93

AUTHOR

95       MIT
96
98       1985-2023, MIT
99
100
101
102
1031.21.2                                                                 KVNO(1)
Impressum