.SH NAME
klist \- list cached Kerberos tickets
.SH SYNOPSIS
-\fBklist\fP [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] [\fB\-s\fP]
-[\fIcache_name\fP]] [\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP]
-[\fIkeytab_name\fP]]
+\fBklist\fP [\fB\-5\fP] [\fB\-4\fP] [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP]
+[\fB\-s\fP] [\fB\-a\fP [\fB\-n\fP]]]
+[\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP]]
+[\fIcache_name\fP | \fIkeytab_name\fP]
.br
.SH DESCRIPTION
.I Klist
cache, or the keys held in a
.B keytab
file.
+If klist was built with Kerberos 4 support, the default behavior is to list
+both Kerberos 5 and Kerberos 4 credentials. Otherwise, klist will default
+to listing only Kerberos 5 credentials.
.SH OPTIONS
.TP
+.B \-5
+list Kerberos 5 credentials. This overrides whatever the default built-in
+behavior may be. This option may be used with
+.B \-4
+.
+.TP
+.B \-4
+list Kerberos 4 credentials. This overrides whatever the default built-in
+behavior may be. This option is only available if kinit was built
+with Kerberos 4 compatibility. This option may be used with
+.B \-5
+.
+.TP
.B \-e
displays the encryption types of the session key and the ticket for each
credential in the credential cache, or each key in the keytab file.
.B klist
finds a credentials cache, and `1' if it does not.
.TP
+.B \-a
+display list of addresses in credentials.
+.TP
+.B \-n
+show numeric addresses instead of reverse-resolving addresses.
+.TP
\fB\-k\fP
List keys held in a
.B keytab
ticket cache.
.SH ENVIRONMENT
.B Klist
-uses the following environment variable:
+uses the following environment variables:
.TP "\w'.SM KRB5CCNAME\ \ 'u"
.SM KRB5CCNAME
-Location of the credentials (ticket) cache.
+Location of the Kerberos 5 credentials (ticket) cache.
+.TP "\w'.SM KRBTKFILE\ \ 'u"
+.SM KRBTKFILE
+Filename of the Kerberos 4 credentials (ticket) cache.
.SH FILES
.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
/tmp/krb5cc_[uid]
-default location of the credentials cache ([uid] is the decimal UID of
-the user).
+default location of Kerberos 5 credentials cache
+([uid] is the decimal UID of the user).
+.TP "\w'/tmp/tkt[uid]\ \ 'u"
+/tmp/tkt[uid]
+default location of Kerberos 4 credentials cache
+([uid] is the decimal UID of the user).
.TP
/etc/krb5.keytab
-default location of the
+default location for the local host's
.B keytab
file.
.SH SEE ALSO
#include <netdb.h>
#endif
-int use_k4_only = 0, use_k5_only = 0;
int show_flags = 0, show_time = 0, status_only = 0, show_keys = 0;
int show_etype = 0, show_addresses = 0, no_resolve = 0;
char *defname;
#ifdef KRB5_KRB4_COMPAT
void do_v4_ccache KRB5_PROTOTYPE((char *));
-#define K54_USAGE_STRING "[-4] [-5] "
-#define K54_USAGE_HELP "\t-4 Kerberos 4 only, -5 Kerberos 5 only, default is both\n"
-#else /* KRB5_KRB4_COMPAT */
-#define K54_USAGE_STRING ""
-#define K54_USAGE_HELP ""
#endif /* KRB5_KRB4_COMPAT */
#define DEFAULT 0
#define CCACHE 1
#define KEYTAB 2
-void usage()
-{
- fprintf(stderr, "Usage: %s " K54_USAGE_STRING
- "[[-c] [-f] [-e] [-s] [-a] [-n]] [-k [-t] [-K]] [name]\n",
- progname);
- fprintf(stderr, K54_USAGE_HELP);
- fprintf(stderr, "\t-c specifies credentials cache, -k specifies keytab");
- fprintf(stderr, ", -c is default\n");
- fprintf(stderr, "\toptions for credential caches:\n");
- fprintf(stderr, "\t\t-f shows credentials flags\n");
- fprintf(stderr, "\t\t-e shows the encryption type\n");
- fprintf(stderr, "\t\t-s sets exit status based on valid tgt existence\n");
- fprintf(stderr, "\t\t-a displays the address list\n");
- fprintf(stderr, "\t\t\t-n do not reverse-resolve\n");
- fprintf(stderr, "\toptions for keytabs:\n");
- fprintf(stderr, "\t\t-t shows keytab entry timestamps\n");
- fprintf(stderr, "\t\t-K shows keytab entry DES keys\n");
- exit(1);
-}
-
/*
* The reason we start out with got_k4 and got_k5 as zero (false) is
* so that we can easily add dynamic loading support for determining
* whether Kerberos 4 and Keberos 5 libraries are available
*/
-#ifdef KRB5_KRB4_COMPAT
+static int got_k5 = 0;
static int got_k4 = 0;
+
+static int default_k5 = 1;
+#ifdef KRB5_KRB4_COMPAT
+static int default_k4 = 1;
+#else
+static int default_k4 = 0;
#endif
-static int got_k5 = 0;
+
+void usage()
+{
+#define KRB_AVAIL_STRING(x) ((x)?"available":"not available")
+
+ fprintf(stderr, "Usage: %s [-5] [-4] [-e] [[-c] [-f] [-s] [-a [-n]]] "
+ "[-k [-t] [-K]] [name]\n", progname);
+ fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
+ fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
+ fprintf(stderr, "\t (Default is %s%s%s%s)\n",
+ default_k5?"Kerberos 5":"",
+ (default_k5 && default_k4)?" and ":"",
+ default_k4?"Kerberos 4":"",
+ (!default_k5 && !default_k4)?"neither":"");
+ fprintf(stderr, "\t-c specifies credentials cache\n");
+ fprintf(stderr, "\t-k specifies keytab\n");
+ fprintf(stderr, "\t (Default is credentials cache)\n");
+ fprintf(stderr, "\t-e shows the encryption type\n");
+ fprintf(stderr, "\toptions for credential caches:\n");
+ fprintf(stderr, "\t\t-f shows credentials flags\n");
+ fprintf(stderr, "\t\t-s sets exit status based on valid tgt existence\n");
+ fprintf(stderr, "\t\t-a displays the address list\n");
+ fprintf(stderr, "\t\t\t-n do not reverse-resolve\n");
+ fprintf(stderr, "\toptions for keytabs:\n");
+ fprintf(stderr, "\t\t-t shows keytab entry timestamps\n");
+ fprintf(stderr, "\t\t-K shows keytab entry DES keys\n");
+ exit(1);
+}
int
main(argc, argv)
{
char *name;
int mode;
+ int use_k5 = 0, use_k4 = 0;
got_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
if (mode != DEFAULT) usage();
mode = KEYTAB;
break;
-#ifdef KRB5_KRB4_COMPAT
case '4':
- use_k4_only = 1;
+ if (!got_k4)
+ {
+#ifdef KRB5_KRB4_COMPAT
+ fprintf(stderr, "Kerberos 4 support could not be loaded\n");
+#else
+ fprintf(stderr, "This was not built with Kerberos 4 support\n");
+#endif
+ exit(3);
+ }
+ use_k4 = 1;
break;
case '5':
- use_k5_only = 1;
+ if (!got_k5)
+ {
+ fprintf(stderr, "Kerberos 5 support could not be loaded\n");
+ exit(3);
+ }
+ use_k5 = 1;
break;
-#endif /* KRB4_KRB5_COMPAT */
default:
usage();
break;
argv++;
}
+ if (no_resolve && !show_addresses) {
+ usage();
+ }
+
if (mode == DEFAULT || mode == CCACHE) {
- if (show_time || show_keys)
- usage();
+ if (show_time || show_keys)
+ usage();
} else {
- if (show_flags || status_only)
- usage();
+ if (show_flags || status_only || show_addresses)
+ usage();
}
- if (use_k4_only && use_k5_only)
+ if (!use_k5 && !use_k4)
{
- fprintf(stderr, "Only one of -4 and -5 allowed\n");
- usage();
+ use_k5 = default_k5;
+ use_k4 = default_k4;
}
-#ifdef KRB5_KRB4_COMPAT
- if (use_k4_only)
+ if (!use_k5)
got_k5 = 0;
- if (use_k5_only)
+ if (!use_k4)
got_k4 = 0;
-#endif /* KRB4_KRB5_COMPAT */
now = time(0);
{
projects / krb5.git / commitdiff