Kerberos - kinit
Table of Contents
1 - About
2 - Articles Related
3 - Getting Started
3.1 - Own username
kinit assumes you want tickets for your own username in your default realm.
kinit Password for gerard@HOTITEM.LOCAL:
New ticket is stored in cache file C:\Users\gerard\krb5cc_gerard
3.2 - Someone else
A friend David is visiting, and he wants to borrow a window to check his mail. David needs to get tickets for himself in his own realm.
Password for [email protected]:
3.3 - With a keytab file
kinit -V -k -t exalytics-01.keytab HTTP/exalytics-01.hotitem.local
Authenticated to Kerberos v5
4 - Operating System
4.1 - Linux
4.2 - Windows
Usage: kinit [-A] [-f] [-p] [-c cachename] [[-k [-t keytab_file_name]] [principal] [password] available options to Kerberos 5 ticket request: -A do not include addresses -f forwardable -p proxiable -c cache name (i.e., FILE:\d:\myProfiles\mykrb5cache) -k use keytab -t keytab file name principal the principal name (i.e., [email protected] qweadf) password the principal's Kerberos password
- principal is a principal
5 - Support
5.1 - KDC has no support for encryption type
Generally the error “KDC has no support for encryption type” has nothing to do with the encryption type itself but with access to the credentials (ie bad domain controller host, …). It's a very misleading error message.