klist(8krb)
Name
klist − lists currently held Kerberos tickets
Syntax
/usr/bin/klist [ \-s | −t ] [ −file [filename] ] [ −srvtab ]
Arguments
filename The name of the Kerberos ticket file.
Description
The klist command allows you to print the name of the ticket file, the identity of the principal requesting the tickets (as listed in the ticket file), and the principal names of all the Kerberos tickets currently held by the user (along with the issue and expiration times for each authenticator). Principal names are listed in the form:
name.instance@realm
The period (.) is omitted if the instance is null, and the at sign (@) is omitted if the realm is null.
The klist command also enables you to print the entries in the srvtab file. If the -srvtab option is selected, klist will print the service name, instance name, realm name, and key version of all services listed in the srvtab file.
Options
−s Suppresses the printing of the issue and expiration times, the name of the ticket file, or the identity of the principal.
−t Checks for the existence of an unexpired ticket-granting-ticket in the ticket file. If one is present, klist exits with status of zero (0). Otherwise, it exits with status 1. No output is generated when this option is specified.
−file Causes the following argument to be used as the ticket file. Otherwise, the file /var/dss/kerberos/tkt/tkt[uid] is used, where uid is the user ID of the klist process.
−srvtab
Indicates that srvtab data should be printed. If the -file switch is not used, the srvtab data is read from the default srvtab file, /etc/srvtab.
Restrictions
User-level authentication is not supported. However, by naming the file tkt.login with the −file option, you can look at the tickets generated by login.
Files
/etc/srvtab Default srvtab file
/etc/krb.conf
To get the name of the local realm
/var/dss/kerberos/tkt/tkt[uid]
The default ticket file
/var/dss/kerberos/tkt/tkt.login
The file containing tickets generated by .login