heimdal-klist - Man Page
list Kerberos credentials
Synopsis
Description
klist reads and displays the current tickets in the credential cache (also known as the ticket file).
Options supported:
- -c cache, --cache=cache
credential cache to list
- -s, -t, --test
Test for there being an active and valid TGT for the local realm of the user in the credential cache.
- -T, --tokens
display AFS tokens
- -5, --v5
display v5 cred cache (this is the default)
- -f
Include ticket flags in short form, each character stands for a specific flag, as follows:
- F
forwardable
- f
forwarded
- P
proxiable
- p
proxied
- D
postdate-able
- d
postdated
- R
renewable
- I
initial
- i
invalid
- A
pre-authenticated
- H
hardware authenticated
This information is also output with the --verbose option, but in a more verbose way.
- -v, --verbose
Verbose output. Include all possible information:
- Server
the principal the ticket is for
- Ticket etype
the encryption type used in the ticket, followed by the key version of the ticket, if it is available
- Session key
the encryption type of the session key, if it's different from the encryption type of the ticket
- Auth time
the time the authentication exchange took place
- Start time
the time that this ticket is valid from (only printed if it's different from the auth time)
- End time
when the ticket expires, if it has already expired this is also noted
- Renew till
the maximum possible end time of any ticket derived from this one
- Ticket flags
the flags set on the ticket
- Addresses
the set of addresses from which this ticket is valid
- -l, --list-caches
List the credential caches for the current users, not all cache types supports listing multiple caches.