Password management
Changing your password
To change your Kerberos password, use the kpasswd command
Granting access to your account
If you need to give someone access to log into your account, you can do so through Kerberos, without telling the person your password. Simply create a file called .k5login in your home directory. This file should contain the Kerberos principal of each person to whom you wish to give access. Each principal must be on a separate line. Here is a sample .k5login file:
jennifer@ATHENA.MIT.EDU
david@EXAMPLE.COM
Ticket management
Kerberos ticket properties
There are various properties that Kerberos tickets can have:
forwardable
proxiable
proxy
postdated
Renewable
initial flag
invalid
preauthenticated
- hardware authentication
transit policy
okay as delegate
anonymous
Obtaining tickets with kinit
shell% kinit david@EXAMPLE.COM
Password for david@EXAMPLE.COM: <-- [Type david's password here.]
shell%
Viewing tickets with klist
shell% klist
Ticket cache: /tmp/krb5cc_ttypa
Default principal: jennifer@ATHENA.MIT.EDU
Valid starting Expires Service principal
06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
shell%
Destroying tickets with kdestroy¶
shell% kdestroy
shell%