.\" $Id$
.\"
.Dd May 29, 1998
.Dt KINIT 1
.Os HEIMDAL
.Sh NAME
.Nm kinit ,
.Nm kauth
.Nd
acquire initial tickets
.Sh SYNOPSIS
.Nm kinit
.Op Fl 4 | Fl -524init
.Op Fl -afslog
.Oo Fl c Ar cachename \*(Ba Xo
.Fl -cache= Ns Ar cachename Oc
.Xc
.Op Fl f | Fl -forwardable
.Oo Fl t Ar keytabname \*(Ba Xo
.Fl -keytab= Ns Ar keytabname Oc
.Xc
.Oo Fl l Ar seconds \*(Ba Xo
.Fl -lifetime= Ns Ar seconds Oc
.Xc
.Op Fl p | Fl -proxiable
.Op Fl R | Fl -renew
.Op Fl -renewable
.Oo Fl r Ar seconds \*(Ba Xo
.Fl -renewable-life= Ns Ar seconds Oc
.Xc
.Oo Fl S Ar principal \*(Ba Xo
.Fl -server= Ns Ar principal Oc
.Xc
.Oo Fl s Ar seconds \*(Ba Xo
.Fl -start-time= Ns Ar seconds Oc
.Xc
.Op Fl k | Fl -use-keytab
.Op Fl v | Fl -validate
.Oo Fl e Ar enctype \*(Ba Xo
.Fl -enctypes= Ns Ar enctype Oc
.Xc
.Op Fl -fcache-version= Ns Ar integer
.Op Fl -no-addresses
.Op Fl -anonymous
.Op Fl -version
.Op Fl -help
.Op Ar principal
.Sh DESCRIPTION
.Nm
is used to authenticate to the kerberos server as
.Ar principal ,
or if none is given, a system generated default, and acquire a ticket
granting ticket that can later be used to obtain tickets for other
services.
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl c Ar cachename
.Fl -cache= Ns Ar cachename
.Xc
The credentials cache to put the acquired ticket in, if other than
default.
.It Xo
.Fl f Ns ,
.Fl -forwardable
.Xc
Get ticket that can be forwarded to another host.
.It Xo
.Fl t Ar keytabname Ns ,
.Fl -keytab= Ns Ar keytabname
.Xc
Don't ask for a password, but instead get the key from the specified
keytab.
.It Xo 
.Fl l Ar seconds Ns , 
.Fl -lifetime= Ns Ar seconds
.Xc
Specifies the lifetime of the ticket.
.It Xo
.Fl p Ns ,
.Fl -proxiable
.Xc
Request tickets with the proxiable flag set.
.It Xo
.Fl R Ns ,
.Fl -renew
.Xc
Try to renew ticket. The ticket must have the
.Sq renewable
flag set, and must not be expired.
.It Fl -renewable
The same as
.Fl -renewable-life ,
with an infinite time.
.It Xo
.Fl r Ar seconds Ns ,
.Fl -renewable-life= Ns Ar seconds
.Xc
The max renewable ticket life.
.It Xo
.Fl S Ar principal Ns ,
.Fl -server= Ns Ar principal
.Xc
Get a ticket for a service other than krbtgt/LOCAL.REALM.
.It Xo
.Fl s Ar seconds Ns ,
.Fl -start-time= Ns Ar seconds
.Xc
Start time of ticket, if other than the current time.
.It Xo
.Fl k Ns ,
.Fl -use-keytab
.Xc
The same as
.Fl -keytab ,
but with the default keytab name (normally
.Ar FILE:/etc/krb5.keytab ) .
.It Xo
.Fl v Ns ,
.Fl -validate
.Xc
Try to validate an invalid ticket.
.It Xo
.Fl e ,
.Fl -enctypes= Ns Ar enctypes
.Xc
Request tickets with this particular enctype.
.It Xo
.Fl -fcache-version= Ns Ar version
.Xc
Create a credentials cache of version
.Nm version .
.It Xo
.Fl -no-addresses
.Xc
Request a ticket with no addresses.
.It Xo
.Fl -anonymous
Request an anonymous ticket.
.Xc
.El

The following options are only available if
.Nm 
has been compiled with support for Kerberos 4. The 
.Nm kauth
program is identical to
.Nm kinit ,
but has these options enabled by
default.
.Bl -tag -width Ds
.It Xo
.Fl 4 Ns ,
.Fl -524init
.Xc
Try to convert the obtained krbtgt to a version 4 compatible
ticket. It will store this ticket in the default Kerberos 4 ticket
file.
.It Fl -afslog
Gets AFS tickets, converts them to version 4 format, and stores them
in the kernel. Only useful if you have AFS.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev KRB5CCNAME
Specifies the default cache file.
.It Ev KRB5_CONFIG
The directory where the
.Pa krb5.conf
can be found, default is 
.Pa /etc .
.It Ev KRBTKFILE
Specifies the Kerberos 4 ticket file to store version 4 tickets in.
.El
.\".Sh FILES
.\".Sh EXAMPLES
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr krb5.conf 5 ,
.Xr klist 1 ,
.Xr kdestroy 1
.\".Sh STANDARDS
.\".Sh HISTORY
.\".Sh AUTHORS
.\".Sh BUGS