Wednesday, 12 Jun 2024

Kinit – Obtain and Cache Kerberos Ticket-Granting Ticket

kinit obtains and caches Kerberos ticket-granting tickets. Its functionality is similar to the kinit tool found in other Kerberos implementations, such as SEAM and MIT Reference. In this article, we’ll explore the ins and outs of kinit and how you can leverage its features effectively.

What is kinit?

Kinit is primarily used to obtain and cache Kerberos ticket-granting tickets. Essentially, it allows you to authenticate yourself within a Kerberos system. Whether you’re new to Kerberos or an experienced user, kinit is designed to simplify the process of obtaining these essential tickets.

How to Use kinit

Before diving into the usage, it’s important to note that you must be registered as a principal with the Key Distribution Center (KDC) before running kinit. Once you’re all set, the following commands will help you navigate the world of kinit:


kinit [ commands ] <principal name> [<password>]


On the Windows platform, a cache file named <USER_HOME>\krb5cc_<USER_NAME> will be generated by default. Here, <uid> represents the user identification number of the user logged into the system.

<USER_HOME> is obtained from the java.lang.System property user.home, while <USER_NAME> is obtained from the java.lang.System property If <USER_HOME> is null, the cache file will be stored in the current directory where the program is running. Please note that <USER_NAME> is the operating system’s login username, which might be different from the user’s principal name.

By default, the keytab name is retrieved from the Kerberos configuration file. If the keytab name is not specified in the configuration file, it is assumed to be <USER_HOME>\krb5.keytab.

If you don’t specify the password using the password option on the command line, kinit will prompt you for it. However, keep in mind that the password option should only be used for testing purposes. Never place your password in a script or provide it on the command line.

For more information, refer to the man pages for kinit.


The following commands can be used with kinit:


kinit [-fp] [-c <cache_name>] [-k] [-t <keytab_filename>] [<principal>] [<password>] [-help]

Command Option Description:

  • -A: Do not include addresses.
  • -f: Issue a forwardable ticket.
  • -p: Issue a proxiable ticket.
  • -c <cache_name>: The cache name (e.g., FILE:d:\temp\mykrb5cc).
  • -k: Use keytab.
  • -t <keytab_filename>: The keytab name (e.g., d:\winnt\profiles\duke\krb5.keytab).
  • <principal>: The principal name (e.g., [email protected]).
  • <password>: The principal’s Kerberos password (DO NOT SPECIFY ON COMMAND LINE OR IN A SCRIPT).
  • -help: Displays instructions.


Here are a few examples to give you a better understanding of how to utilize kinit:

  • Requesting credentials valid for authentication from the current client host, for the default services, and storing the credentials cache in the default location (c:\winnt\profiles\duke\krb5cc_duke):

    kinit [email protected]
  • Requesting proxiable credentials for a different principal and storing these credentials in a specified file cache:

    kinit -p -c FILE:c:\winnt\profiles\duke\credentials\krb5cc_cafebeef [email protected]
  • Requesting proxiable and forwardable credentials for a different principal and storing these credentials in a specified file cache:

    kinit -f -p -c FILE:c:\winnt\profiles\duke\credentials\krb5cc_cafebeef [email protected]
  • Displaying the help menu for kinit:

    kinit -help

Security Alert

A word of caution: the password flag is intended for testing purposes only. Never specify your password on the command line as doing so poses a significant security risk. An attacker could potentially discover your password while enumerating all running processes on the system.
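
The exposure described above can be checked for from the defender's side. The following Python example is added here and is not part of the kinit documentation: it classifies process argument vectors against the synopsis shown on this page and redacts a password passed as the second positional argument, so the finding can be logged safely. The function name audit_kinit, the finding labels, the sample argument vectors and the EXAMPLE.COM principals are constructed for illustration.

```python
# Added example: classify kinit argument vectors and redact any password.
# Grammar assumed from the synopsis on this page:
#   kinit [-fp] [-c <cache_name>] [-k] [-t <keytab_filename>]
#         [<principal>] [<password>]
TAKES_VALUE = {"-c", "-t"}  # options whose next token is a value, not a positional

def audit_kinit(argv):
    """Return (finding, redacted_argv) for one process argument vector."""
    exe = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if argv else ""
    if exe not in ("kinit", "kinit.exe"):
        return ("not-kinit", list(argv))
    redacted, positionals, uses_keytab = [argv[0]], 0, False
    args = iter(argv[1:])
    for arg in args:
        if arg in TAKES_VALUE:
            # Keep the cache or keytab path: it is not the password and must
            # not be counted as the principal or the password.
            redacted.append(arg)
            value = next(args, None)
            if value is not None:
                redacted.append(value)
        elif arg.startswith("-"):
            uses_keytab = uses_keytab or arg == "-k"
            redacted.append(arg)
        else:
            positionals += 1
            # First positional is the principal; a second one is the password.
            redacted.append(arg if positionals == 1 else "<REDACTED>")
    if positionals >= 2:
        return ("password-on-command-line", redacted)
    return ("keytab" if uses_keytab else "prompt", redacted)

# Constructed sample argument vectors (not taken from a real system).
SAMPLES = [
    ["kinit", "alice@EXAMPLE.COM"],
    ["C:\\jdk\\bin\\kinit.exe", "-f", "-p", "alice@EXAMPLE.COM", "Secret123"],
    ["kinit", "-k", "-t", "C:\\keys\\svc.keytab", "svc/host@EXAMPLE.COM"],
    ["kinit", "-c", "FILE:C:\\tmp\\cc", "alice@EXAMPLE.COM"],
    ["klist"],
]

if __name__ == "__main__":
    for sample in SAMPLES:
        finding, safe = audit_kinit(sample)
        print(f"{finding:26} {' '.join(safe)}")
```

The argument vectors would come from whatever process inventory or command-line audit log is already collected; the redacted form is what should be written to the alert.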

Stay safe and keep your credentials secure!

Now that you have a solid understanding of kinit and its capabilities, you can confidently manage your Kerberos ticket-granting tickets. Remember, kinit simplifies the process and allows you to navigate the intricate world of Kerberos authentication with ease. Happy ticket-granting!