Diffstat (limited to 'third_party/heimdal/kuser/kgetcred.1')
-rw-r--r-- | third_party/heimdal/kuser/kgetcred.1 | 188 |
1 files changed, 188 insertions, 0 deletions
diff --git a/third_party/heimdal/kuser/kgetcred.1 b/third_party/heimdal/kuser/kgetcred.1 new file mode 100644 index 0000000..f6c8461 --- /dev/null +++ b/third_party/heimdal/kuser/kgetcred.1 
@@ -0,0 +1,188 @@ +.\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $Id$ +.\" +.Dd March 12, 2004 +.Dt KGETCRED 1 +.Os HEIMDAL +.Sh NAME +.Nm kgetcred +.Nd "get a ticket for a particular service" +.Sh SYNOPSIS +.Nm +.Op Fl Fl canonicalize +.Op Fl Fl canonical +.Oo Fl c cache \*(Ba Xo +.Fl Fl cache= Ns Ar cache +.Xc +.Oc +.Oo Fl e Ar enctype \*(Ba Xo +.Fl Fl enctype= Ns Ar enctype +.Xc +.Oc +.Op Fl Fl debug +.Oo Fl H \*(Ba Xo +.Fl Fl hostbased +.Xc +.Oc +.Op Fl Fl name-type= Ns Ar name-type +.Op Fl Fl no-transit-check +.Op Fl Fl no-store +.Op Fl Fl cached-only +.Op Fl n \*(Ba Fl Fl anonymous +.Op Fl Fl version +.Op Fl Fl help +.Ar principal +.Nm +.Op options +.Fl Fl hostbased +.Ar principal +.Nm +.Op options +.Fl Fl hostbased +.Ar service +.Ar hostname +.Ar [extra-components] +.Sh DESCRIPTION +.Nm +obtains a ticket for the given service principal. +Usually tickets for services are obtained automatically when needed +but sometimes for some odd reason you want to obtain a particular +ticket or of a special type. +.Pp +If +.Fl Fl hostbased +is given then the given service principal name will be canonicalized +(see below). +.Pp +The third form constructs a host-based principal from the given service +name and hostname. The service name "host" is used if the given +.Ar service +name in the third usage is the empty string. +.Pp +For host-based names, the local host's hostname is used if the given +.Ar hostname +is the empty string or if the +.Ar principal +has a single component. +.Pp +Any additional components will be included, even for host-based service +principal names, but there are no defaults nor local canonicalization +rules for additional components. +.Pp +Local name canonicalization rules are applied unless the +.Fl Fl canonical +option is given. Currently local name canonicalization rules are +supported only for host-based principal names' hostname component. 
+.Pp +The principal's realm name may be canonicalized by following Kerberos +referrals from the client principal's home realm if the +.Fl Fl canonicalize +option is given or if the local name canonicalization rules are +configured to use referrals. +.Pp +Supported options: +.Bl -tag -width Ds +.It Fl Fl canonicalize +requests that the KDC canonicalize the principal. Currently this only +canonicalizes the realm by chasing referrals from the user's start +realm, but in the future this may also enable the KDC to canonicalize +the complete principal name. +.It Fl Fl canonical +turns off local canonicalization of the principal name. +.It Fl Fl name-type= Ns Ar name-type +the name-type to use when parsing the principal name. +.It Fl Fl hostbased +is short for +.Fl Fl name-type=srv_hst . +.It Fl c Ar cache , Fl Fl cache= Ns Ar cache +the credential cache to use. +.It Fl Fl delegation-credential-cache= Ns Ar cache +the credential cache to use for delegation. +.It Fl e Ar enctype , Fl Fl enctype= Ns Ar enctype +encryption type to use. +.It Fl Fl no-transit-check +requests that the KDC doesn't do transit checking. +.It Fl Fl no-store +do not store tickets in the ccache. +.It Fl Fl cached-only +do not talk the TGS, search only the ccache. +.It Fl Fl anonymous +obtain an anonymous service ticket. +.It Fl Fl forwardable +.It Fl Fl debug +enables debug output to stderr. +.It Fl Fl version +.It Fl Fl help +.El +.Pp +If the +.Fl Fl canonical +option is used, then no further canonicalization should be done locally +by the client (for example, DNS), but if +.Fl Fl canonicalize +is used, then the client will ask that the KDC canonicalize the name. +.Pp +If the +.Fl Fl canonicalize +option is used with +.Fl Fl hostbased +a host-based name-type, and +.Fl Fl canonical +is not used, then the hostname will be canonicalized according to the +name canonicalization rules in +.Va krb5.conf . 
+.Pp +GSS-API initiator applications with host-based services will get the +same behavior as using the +.Fl Fl canonicalize +.Fl Fl hostbased +options here. +.Sh ENVIRONMENT +.Bl -tag -width Ds +.It Ev KRB5CCNAME +Specifies the default credentials cache. +.It Ev KRB5_CONFIG +The file name of +.Pa krb5.conf , +the default being +.Pa /etc/krb5.conf . +.It Ev KRB5_NO_TICKET_STORE +If this variable is present in the environment, any service tickets obtained +are not added to the credential cache. This affects all heimdal applications +and library clients, not just kgetcred. +.El +.Sh SEE ALSO +.Xr kinit 1 , +.Xr klist 1 , +.Xr krb5.conf 5 , +.Xr krb5_openlog 3 |
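Review bot: The SYNOPSIS and the "Supported options" list disagree, and several list entries are incomplete. `--delegation-credential-cache` and `--forwardable` appear only in the list and not in the SYNOPSIS. `--forwardable` has no description at all, since its `.It Fl Fl forwardable` is followed directly by `.It Fl Fl debug`. The short forms `-H` and `-n` shown in the SYNOPSIS are missing from the `--hostbased` and `--anonymous` entries. Please list every option in both places and give `--forwardable` a body. In the same list, `--no-transit-check` is documented only as "requests that the KDC doesn't do transit checking"; since this asks the KDC to skip a check, a sentence on when that is appropriate would help readers. Two wording fixes: "do not talk the TGS" under `--cached-only` is missing "to", and the paragraph beginning "If the `--canonicalize` option is used with `--hostbased` a host-based name-type" does not parse as written and should say either "with `--hostbased`" or "with a host-based name-type". Finally, `.Ar [extra-components]` in the third SYNOPSIS form puts literal brackets inside an argument name; `.Op Ar extra-components` would mark it optional the same way the other entries do.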