kinit
obtains Kerberos tickets from the Key Distribution Center
TLDR
Get Kerberos ticket
$ kinit [username]
Get ticket for specific principal$ kinit [username@REALM]
Specify keytab file$ kinit -k -t [keytab.file] [principal]
Get forwardable ticket$ kinit -f [username]
Set ticket lifetime$ kinit -l [1h] [username]
Renew existing ticket$ kinit -R
SYNOPSIS
kinit [options] [principal]
DESCRIPTION
kinit obtains Kerberos tickets from the Key Distribution Center (KDC). The ticket-granting ticket (TGT) enables authentication to Kerberos-protected services without repeated password entry.
The tool is essential for Kerberos authentication in enterprise environments, accessing services like NFS, SSH, and Active Directory.
PARAMETERS
-k
Use keytab file.-t keytab
Keytab file path.-l lifetime
Ticket lifetime.-r lifetime
Renewable lifetime.-f
Get forwardable ticket.-F
Non-forwardable ticket.-p
Get proxiable ticket.-R
Renew existing ticket.-c cache
Credentials cache.-S service
Service principal.
CAVEATS
Requires KDC access. Tickets expire and need renewal. Keytabs need protection. Clock sync required.
HISTORY
kinit is part of MIT Kerberos and Heimdal implementations. Kerberos was developed at MIT in the 1980s as part of Project Athena, named after the three-headed dog guarding Hades in Greek mythology.