Kerberos - klist

1 - About

The klist utility list the tickets.

3 - Installation

3.1 - Java

Usage: klist [[-c] [-f] [-e] [-a [-n]]] [-k [-t] [-K]] [name]
   name  name of credentials cache or  keytab with the prefix. File-based cache or keytab's prefix is FILE:.
   -c specifies that credential cache is to be listed
   -k specifies that key tab is to be listed
   options for credentials caches:
        -f       shows credentials flags
        -e       shows the encryption type
        -a       shows addresses
          -n       do not reverse-resolve addresses
   options for keytabs:
        -t       shows keytab entry timestamps
        -K       shows keytab entry key value
        -e       shows keytab entry key type

Usage: java sun.security.krb5.tools.Klist -help for help.

3.2 - MIT kerberos

Usage: klist [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-t] [-K]] [name]
        -c specifies credentials cache
        -k specifies keytab
           (Default is credentials cache)
        -i uses default client keytab if no name given
        -l lists credential caches in collection
        -A shows content of all credential caches
        -e shows the encryption type
        -V shows the Kerberos version and exits
        options for credential caches:
                -d shows the submitted authorization data types
                -f shows credentials flags
                -s sets exit status based on valid tgt existence
                -a displays the address list
                        -n do not reverse-resolve
        options for keytabs:
                -t shows keytab entry timestamps
                -K shows keytab entry keys

3.3 - Windows

C:\Windows\System32\klist.exe
Usage: klist.exe [command]

Command list:
  [tickets] [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>]
  tgt [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>]
  purge [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>]
  sessions [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>]
  kcd_cache [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>]
  get <SPN> [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>]
            [-kdcoptions <options>] [-cacheoptions <options>]
  add_bind <DOMAIN> <DC>
  query_bind
  purge_bind

where:

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/klist

4 - Example

klist -f
Credentials cache: C:\Users\gerard\krb5cc_gerard

Default principal: [email protected], 1 entry found.

[1]  Service Principal:  krbtgt/[email protected]
     Valid starting:     Jul 10,  2014 10:11:40
     Expires:            Jul 10,  2014 20:11:40
     Flags:              INITIAL;PRE-AUTHENT

where:

Flags Description
F Forwardable
f forwarded
P Proxiable
p proxy
D postDateable
d postdated
R Renewable
I Initial
i invalid
H Hardware authenticated
A preAuthenticated
T Transit policy checked
O Okay as delegate
a anonymous
security/kerberos/klist.txt ยท Last modified: 2018/07/26 14:13 by gerardnico