.\" .\" This software may now be redistributed outside the US. .\" .\"Copyright (C) 1989 by the Massachusetts Institute of Technology .\" .\"Export of this software from the United States of America is assumed .\"to require a specific license from the United States Government. .\"It is the responsibility of any person or organization contemplating .\"export to obtain such a license before exporting. .\" .\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and .\"distribute this software and its documentation for any purpose and .\"without fee is hereby granted, provided that the above copyright .\"notice appear in all copies and that both that copyright notice and .\"this permission notice appear in supporting documentation, and that .\"the name of M.I.T. not be used in advertising or publicity pertaining .\"to distribution of the software without specific, written prior .\"permission. M.I.T. makes no representations about the suitability of .\"this software for any purpose. It is provided "as is" without express .\"or implied warranty. .\" .\" $OpenBSD: kinit.1,v 1.3 1998/02/18 11:53:55 art Exp $ .TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kinit \- Kerberos login utility .SH SYNOPSIS .B kinit [ .B \-irvl ] .SH DESCRIPTION The .I kinit command is used to login to the Kerberos authentication and authorization system. Note that only registered Kerberos users can use the Kerberos system. For information about registering as a Kerberos user, see the .I kerberos(1) manual page. .PP If you are logged in to a workstation that is running the .I toehold service, you do not have to use .I kinit. The .I toehold login procedure will log you into Kerberos automatically. You will need to use .I kinit only in those situations in which your original tickets have expired. (Tickets expire in about a day.) Note as well that .I toehold will automatically destroy your tickets when you logout from the workstation. .PP When you use .I kinit without options, the utility prompts for your username and Kerberos password, and tries to authenticate your login with the local Kerberos server. .PP If Kerberos authenticates the login attempt, .I kinit retrieves your initial ticket and puts it in the ticket file specified by your KRBTKFILE environment variable. If this variable is undefined, your ticket will be stored in the .IR /tmp directory, in the file .I tktuid , where .I uid specifies your user identification number. .PP If you have logged in to Kerberos without the benefit of the workstation .I toehold system, make sure you use the .I kdestroy command to destroy any active tickets before you end your login session. You may want to put the .I kdestroy command in your .I \.logout file so that your tickets will be destroyed automatically when you logout. .PP The options to .I kinit are as follows: .TP 7 .B \-i .I kinit prompts you for a Kerberos instance. .TP .B \-r .I kinit prompts you for a Kerberos realm. This option lets you authenticate yourself with a remote Kerberos server. .TP .B \-v Verbose mode. .I kinit prints the name of the ticket file used, and a status message indicating the success or failure of your login attempt. .TP .B \-l .I kinit prompts you for a ticket lifetime in minutes. Due to protocol restrictions in Kerberos Version 4, this value must be between 5 and 1275 minutes. .SH SEE ALSO .PP kerberos(1), kdestroy(1), klist(1), toehold(1) .SH BUGS The .B \-r option has not been fully implemented. .SH AUTHORS Steve Miller, MIT Project Athena/Digital Equipment Corporation .br Clifford Neuman, MIT Project Athena