kerberos
Authenticate using the Kerberos protocol
SYNOPSIS
No standard kerberos command; use tools like kinit [-R | -r | ...] [principal][@REALM]
DESCRIPTION
Kerberos refers to a network authentication protocol, not a single Linux command. Linux systems use dedicated utilities from MIT Kerberos (krb5) or Heimdal implementations for Kerberos operations.
These tools enable secure authentication via tickets issued by a Key Distribution Center (KDC), avoiding password transmission over networks. Key features include mutual authentication, single sign-on, and support for services like SSH, NFS, and LDAP.
Core client workflow: use kinit to obtain initial tickets, klist to view them, and kdestroy to destroy them by clearing the local credential cache. The server side runs krb5kdc. Packages such as krb5-user (Debian/Ubuntu) or krb5-workstation (RHEL) provide the client tools.
Kerberos realms must be configured in /etc/krb5.conf. It's widely used in enterprise environments like Active Directory integrations. For usage, consult man pages of specific tools, as no unified kerberos command exists.
CAVEATS
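No kerberos executable exists in standard Linux distros. The name is often mistaken for a command, but it refers to the protocol and its tools; always specify the exact command (e.g., kinit). Authentication fails without a proper realm/KDC configuration. Clock skew between client and KDC must be under 5 minutes.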
INSTALLATION
Debian/Ubuntu: sudo apt install krb5-user
RHEL/Fedora: sudo dnf install krb5-workstation
BASIC EXAMPLE
kinit user@REALM — obtains ticket.
klist — lists tickets.
kdestroy — clears cache.
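The same kinit, klist, kdestroy workflow wrapped so that a ticket exists only for the duration of one command, in a private cache that is always cleared afterwards. This is an added example, not taken from the MIT krb5 or Heimdal documentation; it assumes MIT krb5 client tools, and krb_run and alice@EXAMPLE.COM are hypothetical names.

```shell
#!/bin/sh
# Added example: run one command under a private, short-lived Kerberos ticket.
# Assumes MIT krb5 client tools. krb_run and alice@EXAMPLE.COM are hypothetical.

# Usage: krb_run PRINCIPAL COMMAND [ARGS...]
# The body is a subshell, so KRB5CCNAME and the EXIT trap never leak to the caller.
krb_run() (
    [ "$#" -ge 2 ] || { echo "usage: krb_run principal command [args]" >&2; exit 64; }
    principal=$1
    shift

    # Private cache file (mktemp creates it mode 0600) instead of the shared default cache.
    cache=$(mktemp "${TMPDIR:-/tmp}/krb5cc_run.XXXXXX") || exit 1
    export KRB5CCNAME="FILE:$cache"

    # Always clear the cache when the subshell exits, even if the command fails.
    trap 'kdestroy -q >/dev/null 2>&1; rm -f "$cache"' EXIT

    # Request a 1-hour ticket; kinit prompts for the password on the terminal.
    kinit -l 1h "$principal" || exit 2

    # klist -s prints nothing and exits non-zero if the cache holds no valid ticket.
    klist -s || exit 3

    # Run the caller's command with the ticket available, and pass its status back.
    "$@"
    exit $?
)

# Example call (needs a configured realm in /etc/krb5.conf and a reachable KDC):
#   krb_run alice@EXAMPLE.COM ssh host.example.com
```

Exit status 2 means kinit failed (wrong password, unreachable KDC, or clock skew), 3 means no valid ticket ended up in the cache, and any other value is the wrapped command's own status.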
HISTORY
Developed at MIT (1983-1988) for Project Athena. Kerberos V5 standardized (RFC 1510, 1993; updated RFC 4120, 2005). Linux ports from mid-1990s; MIT krb5 dominant since 2000s, replacing earlier versions.


