summaryrefslogtreecommitdiff
path: root/doc/html/user
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2017-07-07 17:03:42 +0000
committerCy Schubert <cy@FreeBSD.org>2017-07-07 17:03:42 +0000
commit33a9b234e7087f573ef08cd7318c6497ba08b439 (patch)
treed0ea40ad3bf5463a3c55795977c71bcb7d781b4b /doc/html/user
vendor/krb5/1.15.1
Notes
Diffstat (limited to 'doc/html/user')
-rw-r--r--doc/html/user/index.html173
-rw-r--r--doc/html/user/pwd_mgmt.html239
-rw-r--r--doc/html/user/tkt_mgmt.html459
-rw-r--r--doc/html/user/user_commands/index.html164
-rw-r--r--doc/html/user/user_commands/kdestroy.html223
-rw-r--r--doc/html/user/user_commands/kinit.html354
-rw-r--r--doc/html/user/user_commands/klist.html268
-rw-r--r--doc/html/user/user_commands/kpasswd.html186
-rw-r--r--doc/html/user/user_commands/krb5-config.html238
-rw-r--r--doc/html/user/user_commands/ksu.html507
-rw-r--r--doc/html/user/user_commands/kswitch.html204
-rw-r--r--doc/html/user/user_commands/kvno.html229
-rw-r--r--doc/html/user/user_commands/sclient.html171
-rw-r--r--doc/html/user/user_config/index.html153
-rw-r--r--doc/html/user/user_config/k5identity.html202
-rw-r--r--doc/html/user/user_config/k5login.html193
16 files changed, 3963 insertions, 0 deletions
diff --git a/doc/html/user/index.html b/doc/html/user/index.html
new file mode 100644
index 000000000000..6e28dc4840d5
--- /dev/null
+++ b/doc/html/user/index.html
@@ -0,0 +1,173 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>For users &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../_static/jquery.js"></script>
+ <script type="text/javascript" src="../_static/underscore.js"></script>
+ <script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
+ <link rel="copyright" title="Copyright" href="../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../index.html" />
+ <link rel="next" title="Password management" href="pwd_mgmt.html" />
+ <link rel="prev" title="MIT Kerberos Documentation (1.15.1)" href="../index.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="../index.html" title="MIT Kerberos Documentation (1.15.1)"
+ accesskey="P">previous</a> |
+ <a href="pwd_mgmt.html" title="Password management"
+ accesskey="N">next</a> |
+ <a href="../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For users">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="for-users">
+<h1>For users<a class="headerlink" href="#for-users" title="Permalink to this headline">¶</a></h1>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="pwd_mgmt.html">Password management</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#changing-your-password">Changing your password</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#granting-access-to-your-account">Granting access to your account</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#password-quality-verification">Password quality verification</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#kerberos-ticket-properties">Kerberos ticket properties</a></li>
+<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#obtaining-tickets-with-kinit">Obtaining tickets with kinit</a></li>
+<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#viewing-tickets-with-klist">Viewing tickets with klist</a></li>
+<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#destroying-tickets-with-kdestroy">Destroying tickets with kdestroy</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="user_config/index.html">User config files</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="user_config/k5login.html">.k5login</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_config/k5identity.html">.k5identity</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="user_commands/index.html">User commands</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/kdestroy.html">kdestroy</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/kinit.html">kinit</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/klist.html">klist</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/kpasswd.html">kpasswd</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/krb5-config.html">krb5-config</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/ksu.html">ksu</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/kswitch.html">kswitch</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/kvno.html">kvno</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">For users</a></li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="current reference internal" href="">For users</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="../index.html" title="MIT Kerberos Documentation (1.15.1)"
+ >previous</a> |
+ <a href="pwd_mgmt.html" title="Password management"
+ >next</a> |
+ <a href="../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For users">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/pwd_mgmt.html b/doc/html/user/pwd_mgmt.html
new file mode 100644
index 000000000000..5da8eed16a15
--- /dev/null
+++ b/doc/html/user/pwd_mgmt.html
@@ -0,0 +1,239 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>Password management &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../_static/jquery.js"></script>
+ <script type="text/javascript" src="../_static/underscore.js"></script>
+ <script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
+ <link rel="copyright" title="Copyright" href="../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../index.html" />
+ <link rel="up" title="For users" href="index.html" />
+ <link rel="next" title="Ticket management" href="tkt_mgmt.html" />
+ <link rel="prev" title="For users" href="index.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="index.html" title="For users"
+ accesskey="P">previous</a> |
+ <a href="tkt_mgmt.html" title="Ticket management"
+ accesskey="N">next</a> |
+ <a href="../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password management">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="password-management">
+<h1>Password management<a class="headerlink" href="#password-management" title="Permalink to this headline">¶</a></h1>
+<p>Your password is the only way Kerberos has of verifying your identity.
+If someone finds out your password, that person can masquerade as
+you&#8212;send email that comes from you, read, edit, or delete your files,
+or log into other hosts as you&#8212;and no one will be able to tell the
+difference. For this reason, it is important that you choose a good
+password, and keep it secret. If you need to give access to your
+account to someone else, you can do so through Kerberos (see
+<a class="reference internal" href="#grant-access"><em>Granting access to your account</em></a>). You should never tell your password to anyone,
+including your system administrator, for any reason. You should
+change your password frequently, particularly any time you think
+someone may have found out what it is.</p>
+<div class="section" id="changing-your-password">
+<h2>Changing your password<a class="headerlink" href="#changing-your-password" title="Permalink to this headline">¶</a></h2>
+<p>To change your Kerberos password, use the <a class="reference internal" href="user_commands/kpasswd.html#kpasswd-1"><em>kpasswd</em></a> command.
+It will ask you for your old password (to prevent someone else from
+walking up to your computer when you&#8217;re not there and changing your
+password), and then prompt you for the new one twice. (The reason you
+have to type it twice is to make sure you have typed it correctly.)
+For example, user <tt class="docutils literal"><span class="pre">david</span></tt> would do the following:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kpasswd
+Password for david: &lt;- Type your old password.
+Enter new password: &lt;- Type your new password.
+Enter it again: &lt;- Type the new password again.
+Password changed.
+shell%
+</pre></div>
+</div>
+<p>If <tt class="docutils literal"><span class="pre">david</span></tt> typed the incorrect old password, he would get the
+following message:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kpasswd
+Password for david: &lt;- Type the incorrect old password.
+kpasswd: Password incorrect while getting initial ticket
+shell%
+</pre></div>
+</div>
+<p>If you make a mistake and don&#8217;t type the new password the same way
+twice, kpasswd will ask you to try again:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kpasswd
+Password for david: &lt;- Type the old password.
+Enter new password: &lt;- Type the new password.
+Enter it again: &lt;- Type a different new password.
+kpasswd: Password mismatch while reading password
+shell%
+</pre></div>
+</div>
+<p>Once you change your password, it takes some time for the change to
+propagate through the system. Depending on how your system is set up,
+this might be anywhere from a few minutes to an hour or more. If you
+need to get new Kerberos tickets shortly after changing your password,
+try the new password. If the new password doesn&#8217;t work, try again
+using the old one.</p>
+</div>
+<div class="section" id="granting-access-to-your-account">
+<span id="grant-access"></span><h2>Granting access to your account<a class="headerlink" href="#granting-access-to-your-account" title="Permalink to this headline">¶</a></h2>
+<p>If you need to give someone access to log into your account, you can
+do so through Kerberos, without telling the person your password.
+Simply create a file called <a class="reference internal" href="user_config/k5login.html#k5login-5"><em>.k5login</em></a> in your home directory.
+This file should contain the Kerberos principal of each person to whom
+you wish to give access. Each principal must be on a separate line.
+Here is a sample .k5login file:</p>
+<div class="highlight-python"><div class="highlight"><pre>jennifer@ATHENA.MIT.EDU
+david@EXAMPLE.COM
+</pre></div>
+</div>
+<p>This file would allow the users <tt class="docutils literal"><span class="pre">jennifer</span></tt> and <tt class="docutils literal"><span class="pre">david</span></tt> to use your
+user ID, provided that they had Kerberos tickets in their respective
+realms. If you will be logging into other hosts across a network, you
+will want to include your own Kerberos principal in your .k5login file
+on each of these hosts.</p>
+<p>Using a .k5login file is much safer than giving out your password,
+because:</p>
+<ul class="simple">
+<li>You can take access away any time simply by removing the principal
+from your .k5login file.</li>
+<li>Although the user has full access to your account on one particular
+host (or set of hosts if your .k5login file is shared, e.g., over
+NFS), that user does not inherit your network privileges.</li>
+<li>Kerberos keeps a log of who obtains tickets, so a system
+administrator could find out, if necessary, who was capable of using
+your user ID at a particular time.</li>
+</ul>
+<p>One common application is to have a .k5login file in root&#8217;s home
+directory, giving root access to that machine to the Kerberos
+principals listed. This allows system administrators to allow users
+to become root locally, or to log in remotely as root, without their
+having to give out the root password, and without anyone having to
+type the root password over the network.</p>
+</div>
+<div class="section" id="password-quality-verification">
+<h2>Password quality verification<a class="headerlink" href="#password-quality-verification" title="Permalink to this headline">¶</a></h2>
+<p>TODO</p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">Password management</a><ul>
+<li><a class="reference internal" href="#changing-your-password">Changing your password</a></li>
+<li><a class="reference internal" href="#granting-access-to-your-account">Granting access to your account</a></li>
+<li><a class="reference internal" href="#password-quality-verification">Password quality verification</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">For users</a><ul class="current">
+<li class="toctree-l2 current"><a class="current reference internal" href="">Password management</a><ul class="simple">
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="index.html" title="For users"
+ >previous</a> |
+ <a href="tkt_mgmt.html" title="Ticket management"
+ >next</a> |
+ <a href="../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password management">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/tkt_mgmt.html b/doc/html/user/tkt_mgmt.html
new file mode 100644
index 000000000000..e53d41cd43db
--- /dev/null
+++ b/doc/html/user/tkt_mgmt.html
@@ -0,0 +1,459 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>Ticket management &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../_static/jquery.js"></script>
+ <script type="text/javascript" src="../_static/underscore.js"></script>
+ <script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
+ <link rel="copyright" title="Copyright" href="../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../index.html" />
+ <link rel="up" title="For users" href="index.html" />
+ <link rel="next" title="User config files" href="user_config/index.html" />
+ <link rel="prev" title="Password management" href="pwd_mgmt.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="pwd_mgmt.html" title="Password management"
+ accesskey="P">previous</a> |
+ <a href="user_config/index.html" title="User config files"
+ accesskey="N">next</a> |
+ <a href="../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Ticket management">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="ticket-management">
+<h1>Ticket management<a class="headerlink" href="#ticket-management" title="Permalink to this headline">¶</a></h1>
+<p>On many systems, Kerberos is built into the login program, and you get
+tickets automatically when you log in. Other programs, such as ssh,
+can forward copies of your tickets to a remote host. Most of these
+programs also automatically destroy your tickets when they exit.
+However, MIT recommends that you explicitly destroy your Kerberos
+tickets when you are through with them, just to be sure. One way to
+help ensure that this happens is to add the <a class="reference internal" href="user_commands/kdestroy.html#kdestroy-1"><em>kdestroy</em></a> command
+to your .logout file. Additionally, if you are going to be away from
+your machine and are concerned about an intruder using your
+permissions, it is safest to either destroy all copies of your
+tickets, or use a screensaver that locks the screen.</p>
+<div class="section" id="kerberos-ticket-properties">
+<h2>Kerberos ticket properties<a class="headerlink" href="#kerberos-ticket-properties" title="Permalink to this headline">¶</a></h2>
+<p>There are various properties that Kerberos tickets can have:</p>
+<p>If a ticket is <strong>forwardable</strong>, then the KDC can issue a new ticket
+(with a different network address, if necessary) based on the
+forwardable ticket. This allows for authentication forwarding without
+requiring a password to be typed in again. For example, if a user
+with a forwardable TGT logs into a remote system, the KDC could issue
+a new TGT for that user with the network address of the remote system,
+allowing authentication on that host to work as though the user were
+logged in locally.</p>
+<p>When the KDC creates a new ticket based on a forwardable ticket, it
+sets the <strong>forwarded</strong> flag on that new ticket. Any tickets that are
+created based on a ticket with the forwarded flag set will also have
+their forwarded flags set.</p>
+<p>A <strong>proxiable</strong> ticket is similar to a forwardable ticket in that it
+allows a service to take on the identity of the client. Unlike a
+forwardable ticket, however, a proxiable ticket is only issued for
+specific services. In other words, a ticket-granting ticket cannot be
+issued based on a ticket that is proxiable but not forwardable.</p>
+<p>A <strong>proxy</strong> ticket is one that was issued based on a proxiable ticket.</p>
+<p>A <strong>postdated</strong> ticket is issued with the invalid flag set. After the
+starting time listed on the ticket, it can be presented to the KDC to
+obtain valid tickets.</p>
+<p>Ticket-granting tickets with the <strong>postdateable</strong> flag set can be used
+to obtain postdated service tickets.</p>
+<p><strong>Renewable</strong> tickets can be used to obtain new session keys without
+the user entering their password again. A renewable ticket has two
+expiration times. The first is the time at which this particular
+ticket expires. The second is the latest possible expiration time for
+any ticket issued based on this renewable ticket.</p>
+<p>A ticket with the <strong>initial flag</strong> set was issued based on the
+authentication protocol, and not on a ticket-granting ticket.
+Application servers that wish to ensure that the user&#8217;s key has been
+recently presented for verification could specify that this flag must
+be set to accept the ticket.</p>
+<p>An <strong>invalid</strong> ticket must be rejected by application servers.
+Postdated tickets are usually issued with this flag set, and must be
+validated by the KDC before they can be used.</p>
+<p>A <strong>preauthenticated</strong> ticket is one that was only issued after the
+client requesting the ticket had authenticated itself to the KDC.</p>
+<p>The <strong>hardware authentication</strong> flag is set on a ticket which required
+the use of hardware for authentication. The hardware is expected to
+be possessed only by the client which requested the tickets.</p>
+<p>If a ticket has the <strong>transit policy</strong> checked flag set, then the KDC
+that issued this ticket implements the transited-realm check policy
+and checked the transited-realms list on the ticket. The
+transited-realms list contains a list of all intermediate realms
+between the realm of the KDC that issued the first ticket and that of
+the one that issued the current ticket. If this flag is not set, then
+the application server must check the transited realms itself or else
+reject the ticket.</p>
+<p>The <strong>okay as delegate</strong> flag indicates that the server specified in
+the ticket is suitable as a delegate as determined by the policy of
+that realm. Some client applications may use this flag to decide
+whether to forward tickets to a remote host, although many
+applications do not honor it.</p>
+<p>An <strong>anonymous</strong> ticket is one in which the named principal is a
+generic principal for that realm; it does not actually specify the
+individual that will be using the ticket. This ticket is meant only
+to securely distribute a session key.</p>
+</div>
+<div class="section" id="obtaining-tickets-with-kinit">
+<span id="obtain-tkt"></span><h2>Obtaining tickets with kinit<a class="headerlink" href="#obtaining-tickets-with-kinit" title="Permalink to this headline">¶</a></h2>
+<p>If your site has integrated Kerberos V5 with the login system, you
+will get Kerberos tickets automatically when you log in. Otherwise,
+you may need to explicitly obtain your Kerberos tickets, using the
+<a class="reference internal" href="user_commands/kinit.html#kinit-1"><em>kinit</em></a> program. Similarly, if your Kerberos tickets expire,
+use the kinit program to obtain new ones.</p>
+<p>To use the kinit program, simply type <tt class="docutils literal"><span class="pre">kinit</span></tt> and then type your
+password at the prompt. For example, Jennifer (whose username is
+<tt class="docutils literal"><span class="pre">jennifer</span></tt>) works for Bleep, Inc. (a fictitious company with the
+domain name mit.edu and the Kerberos realm ATHENA.MIT.EDU). She would
+type:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kinit
+Password for jennifer@ATHENA.MIT.EDU: &lt;-- [Type jennifer&#39;s password here.]
+shell%
+</pre></div>
+</div>
+<p>If you type your password incorrectly, kinit will give you the
+following error message:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kinit
+Password for jennifer@ATHENA.MIT.EDU: &lt;-- [Type the wrong password here.]
+kinit: Password incorrect
+shell%
+</pre></div>
+</div>
+<p>and you won&#8217;t get Kerberos tickets.</p>
+<p>By default, kinit assumes you want tickets for your own username in
+your default realm. Suppose Jennifer&#8217;s friend David is visiting, and
+he wants to borrow a window to check his mail. David needs to get
+tickets for himself in his own realm, EXAMPLE.COM. He would type:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kinit david@EXAMPLE.COM
+Password for david@EXAMPLE.COM: &lt;-- [Type david&#39;s password here.]
+shell%
+</pre></div>
+</div>
+<p>David would then have tickets which he could use to log onto his own
+machine. Note that he typed his password locally on Jennifer&#8217;s
+machine, but it never went over the network. Kerberos on the local
+host performed the authentication to the KDC in the other realm.</p>
+<p>If you want to be able to forward your tickets to another host, you
+need to request forwardable tickets. You do this by specifying the
+<strong>-f</strong> option:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kinit -f
+Password for jennifer@ATHENA.MIT.EDU: &lt;-- [Type your password here.]
+shell%
+</pre></div>
+</div>
+<p>Note that kinit does not tell you that it obtained forwardable
+tickets; you can verify this using the <a class="reference internal" href="user_commands/klist.html#klist-1"><em>klist</em></a> command (see
+<a class="reference internal" href="#view-tkt"><em>Viewing tickets with klist</em></a>).</p>
+<p>Normally, your tickets are good for your system&#8217;s default ticket
+lifetime, which is ten hours on many systems. You can specify a
+different ticket lifetime with the <strong>-l</strong> option. Add the letter
+<strong>s</strong> to the value for seconds, <strong>m</strong> for minutes, <strong>h</strong> for hours, or
+<strong>d</strong> for days. For example, to obtain forwardable tickets for
+<tt class="docutils literal"><span class="pre">david&#64;EXAMPLE.COM</span></tt> that would be good for three hours, you would
+type:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kinit -f -l 3h david@EXAMPLE.COM
+Password for david@EXAMPLE.COM: &lt;-- [Type david&#39;s password here.]
+shell%
+</pre></div>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">You cannot mix units; specifying a lifetime of 3h30m would
+result in an error. Note also that most systems specify a
+maximum ticket lifetime. If you request a longer ticket
+lifetime, it will be automatically truncated to the maximum
+lifetime.</p>
+</div>
+</div>
+<div class="section" id="viewing-tickets-with-klist">
+<span id="view-tkt"></span><h2>Viewing tickets with klist<a class="headerlink" href="#viewing-tickets-with-klist" title="Permalink to this headline">¶</a></h2>
+<p>The <a class="reference internal" href="user_commands/klist.html#klist-1"><em>klist</em></a> command shows your tickets. When you first obtain
+tickets, you will have only the ticket-granting ticket. The listing
+would look like this:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% klist
+Ticket cache: /tmp/krb5cc_ttypa
+Default principal: jennifer@ATHENA.MIT.EDU
+
+Valid starting Expires Service principal
+06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
+shell%
+</pre></div>
+</div>
+<p>The ticket cache is the location of your ticket file. In the above
+example, this file is named <tt class="docutils literal"><span class="pre">/tmp/krb5cc_ttypa</span></tt>. The default
+principal is your Kerberos principal.</p>
+<p>The &#8220;valid starting&#8221; and &#8220;expires&#8221; fields describe the period of time
+during which the ticket is valid. The &#8220;service principal&#8221; describes
+each ticket. The ticket-granting ticket has a first component
+<tt class="docutils literal"><span class="pre">krbtgt</span></tt>, and a second component which is the realm name.</p>
+<p>Now, if <tt class="docutils literal"><span class="pre">jennifer</span></tt> connected to the machine <tt class="docutils literal"><span class="pre">daffodil.mit.edu</span></tt>,
+and then typed &#8220;klist&#8221; again, she would have gotten the following
+result:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% klist
+Ticket cache: /tmp/krb5cc_ttypa
+Default principal: jennifer@ATHENA.MIT.EDU
+
+Valid starting Expires Service principal
+06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
+06/07/04 20:22:30 06/08/04 05:49:19 host/daffodil.mit.edu@ATHENA.MIT.EDU
+shell%
+</pre></div>
+</div>
+<p>Here&#8217;s what happened: when <tt class="docutils literal"><span class="pre">jennifer</span></tt> used ssh to connect to the
+host <tt class="docutils literal"><span class="pre">daffodil.mit.edu</span></tt>, the ssh program presented her
+ticket-granting ticket to the KDC and requested a host ticket for the
+host <tt class="docutils literal"><span class="pre">daffodil.mit.edu</span></tt>. The KDC sent the host ticket, which ssh
+then presented to the host <tt class="docutils literal"><span class="pre">daffodil.mit.edu</span></tt>, and she was allowed
+to log in without typing her password.</p>
+<p>Suppose your Kerberos tickets allow you to log into a host in another
+domain, such as <tt class="docutils literal"><span class="pre">trillium.example.com</span></tt>, which is also in another
+Kerberos realm, <tt class="docutils literal"><span class="pre">EXAMPLE.COM</span></tt>. If you ssh to this host, you will
+receive a ticket-granting ticket for the realm <tt class="docutils literal"><span class="pre">EXAMPLE.COM</span></tt>, plus
+the new host ticket for <tt class="docutils literal"><span class="pre">trillium.example.com</span></tt>. klist will now
+show:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% klist
+Ticket cache: /tmp/krb5cc_ttypa
+Default principal: jennifer@ATHENA.MIT.EDU
+
+Valid starting Expires Service principal
+06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
+06/07/04 20:22:30 06/08/04 05:49:19 host/daffodil.mit.edu@ATHENA.MIT.EDU
+06/07/04 20:24:18 06/08/04 05:49:19 krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU
+06/07/04 20:24:18 06/08/04 05:49:19 host/trillium.example.com@EXAMPLE.COM
+shell%
+</pre></div>
+</div>
+<p>Depending on your host&#8217;s and realm&#8217;s configuration, you may also see a
+ticket with the service principal <tt class="docutils literal"><span class="pre">host/trillium.example.com&#64;</span></tt>. If
+so, this means that your host did not know what realm
+trillium.example.com is in, so it asked the <tt class="docutils literal"><span class="pre">ATHENA.MIT.EDU</span></tt> KDC for
+a referral. The next time you connect to <tt class="docutils literal"><span class="pre">trillium.example.com</span></tt>,
+the odd-looking entry will be used to avoid needing to ask for a
+referral again.</p>
+<p>You can use the <strong>-f</strong> option to view the flags that apply to your
+tickets. The flags are:</p>
+<table border="1" class="docutils">
+<colgroup>
+<col width="17%" />
+<col width="83%" />
+</colgroup>
+<tbody valign="top">
+<tr class="row-odd"><td>F</td>
+<td>Forwardable</td>
+</tr>
+<tr class="row-even"><td>f</td>
+<td>forwarded</td>
+</tr>
+<tr class="row-odd"><td>P</td>
+<td>Proxiable</td>
+</tr>
+<tr class="row-even"><td>p</td>
+<td>proxy</td>
+</tr>
+<tr class="row-odd"><td>D</td>
+<td>postDateable</td>
+</tr>
+<tr class="row-even"><td>d</td>
+<td>postdated</td>
+</tr>
+<tr class="row-odd"><td>R</td>
+<td>Renewable</td>
+</tr>
+<tr class="row-even"><td>I</td>
+<td>Initial</td>
+</tr>
+<tr class="row-odd"><td>i</td>
+<td>invalid</td>
+</tr>
+<tr class="row-even"><td>H</td>
+<td>Hardware authenticated</td>
+</tr>
+<tr class="row-odd"><td>A</td>
+<td>preAuthenticated</td>
+</tr>
+<tr class="row-even"><td>T</td>
+<td>Transit policy checked</td>
+</tr>
+<tr class="row-odd"><td>O</td>
+<td>Okay as delegate</td>
+</tr>
+<tr class="row-even"><td>a</td>
+<td>anonymous</td>
+</tr>
+</tbody>
+</table>
+<p>Here is a sample listing. In this example, the user <em>jennifer</em>
+obtained her initial tickets (<strong>I</strong>), which are forwardable (<strong>F</strong>)
+and postdated (<strong>d</strong>) but not yet validated (<strong>i</strong>):</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% klist -f
+Ticket cache: /tmp/krb5cc_320
+Default principal: jennifer@ATHENA.MIT.EDU
+
+Valid starting Expires Service principal
+31/07/05 19:06:25 31/07/05 19:16:25 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
+ Flags: FdiI
+shell%
+</pre></div>
+</div>
+<p>In the following example, the user <em>david</em>&#8216;s tickets were forwarded
+(<strong>f</strong>) to this host from another host. The tickets are reforwardable
+(<strong>F</strong>):</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% klist -f
+Ticket cache: /tmp/krb5cc_p11795
+Default principal: david@EXAMPLE.COM
+
+Valid starting Expires Service principal
+07/31/05 11:52:29 07/31/05 21:11:23 krbtgt/EXAMPLE.COM@EXAMPLE.COM
+ Flags: Ff
+07/31/05 12:03:48 07/31/05 21:11:23 host/trillium.example.com@EXAMPLE.COM
+ Flags: Ff
+shell%
+</pre></div>
+</div>
+</div>
+<div class="section" id="destroying-tickets-with-kdestroy">
+<h2>Destroying tickets with kdestroy<a class="headerlink" href="#destroying-tickets-with-kdestroy" title="Permalink to this headline">¶</a></h2>
+<p>Your Kerberos tickets are proof that you are indeed yourself, and
+tickets could be stolen if someone gains access to a computer where
+they are stored. If this happens, the person who has them can
+masquerade as you until they expire. For this reason, you should
+destroy your Kerberos tickets when you are away from your computer.</p>
+<p>Destroying your tickets is easy. Simply type kdestroy:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kdestroy
+shell%
+</pre></div>
+</div>
+<p>If <a class="reference internal" href="user_commands/kdestroy.html#kdestroy-1"><em>kdestroy</em></a> fails to destroy your tickets, it will beep and
+give an error message. For example, if kdestroy can&#8217;t find any
+tickets to destroy, it will give the following message:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% kdestroy
+kdestroy: No credentials cache file found while destroying cache
+shell%
+</pre></div>
+</div>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">Ticket management</a><ul>
+<li><a class="reference internal" href="#kerberos-ticket-properties">Kerberos ticket properties</a></li>
+<li><a class="reference internal" href="#obtaining-tickets-with-kinit">Obtaining tickets with kinit</a></li>
+<li><a class="reference internal" href="#viewing-tickets-with-klist">Viewing tickets with klist</a></li>
+<li><a class="reference internal" href="#destroying-tickets-with-kdestroy">Destroying tickets with kdestroy</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="">Ticket management</a><ul class="simple">
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li>
+<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="pwd_mgmt.html" title="Password management"
+ >previous</a> |
+ <a href="user_config/index.html" title="User config files"
+ >next</a> |
+ <a href="../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Ticket management">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/index.html b/doc/html/user/user_commands/index.html
new file mode 100644
index 000000000000..fa23226e0770
--- /dev/null
+++ b/doc/html/user/user_commands/index.html
@@ -0,0 +1,164 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>User commands &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="For users" href="../index.html" />
+ <link rel="next" title="kdestroy" href="kdestroy.html" />
+ <link rel="prev" title=".k5identity" href="../user_config/k5identity.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="../user_config/k5identity.html" title=".k5identity"
+ accesskey="P">previous</a> |
+ <a href="kdestroy.html" title="kdestroy"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User commands">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="user-commands">
+<span id="id1"></span><h1>User commands<a class="headerlink" href="#user-commands" title="Permalink to this headline">¶</a></h1>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l1"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l1"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l1"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l1"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l1"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l1"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l1"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l1"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">User commands</a></li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="">User commands</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="../user_config/k5identity.html" title=".k5identity"
+ >previous</a> |
+ <a href="kdestroy.html" title="kdestroy"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User commands">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/kdestroy.html b/doc/html/user/user_commands/kdestroy.html
new file mode 100644
index 000000000000..beb7ca0c3e7a
--- /dev/null
+++ b/doc/html/user/user_commands/kdestroy.html
@@ -0,0 +1,223 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>kdestroy &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="kinit" href="kinit.html" />
+ <link rel="prev" title="User commands" href="index.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="index.html" title="User commands"
+ accesskey="P">previous</a> |
+ <a href="kinit.html" title="kinit"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kdestroy">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="kdestroy">
+<span id="kdestroy-1"></span><h1>kdestroy<a class="headerlink" href="#kdestroy" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>kdestroy</strong>
+[<strong>-A</strong>]
+[<strong>-q</strong>]
+[<strong>-c</strong> <em>cache_name</em>]</p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>The kdestroy utility destroys the user&#8217;s active Kerberos authorization
+tickets by overwriting and deleting the credentials cache that
+contains them. If the credentials cache is not specified, the default
+credentials cache is destroyed.</p>
+</div>
+<div class="section" id="options">
+<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><strong>-A</strong></dt>
+<dd>Destroys all caches in the collection, if a cache collection is
+available.</dd>
+<dt><strong>-q</strong></dt>
+<dd>Run quietly. Normally kdestroy beeps if it fails to destroy the
+user&#8217;s tickets. The <strong>-q</strong> flag suppresses this behavior.</dd>
+<dt><strong>-c</strong> <em>cache_name</em></dt>
+<dd><p class="first">Use <em>cache_name</em> as the credentials (ticket) cache name and
+location; if this option is not used, the default cache name and
+location are used.</p>
+<p class="last">The default credentials cache may vary between systems. If the
+<strong>KRB5CCNAME</strong> environment variable is set, its value is used to
+name the default ticket cache.</p>
+</dd>
+</dl>
+</div>
+<div class="section" id="note">
+<h2>NOTE<a class="headerlink" href="#note" title="Permalink to this headline">¶</a></h2>
+<p>Most installations recommend that you place the kdestroy command in
+your .logout file, so that your tickets are destroyed automatically
+when you log out.</p>
+</div>
+<div class="section" id="environment">
+<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2>
+<p>kdestroy uses the following environment variable:</p>
+<dl class="docutils">
+<dt><strong>KRB5CCNAME</strong></dt>
+<dd>Location of the default Kerberos 5 credentials (ticket) cache, in
+the form <em>type</em>:<em>residual</em>. If no <em>type</em> prefix is present, the
+<strong>FILE</strong> type is assumed. The type of the default cache may
+determine the availability of a cache collection; for instance, a
+default cache of type <strong>DIR</strong> causes caches within the directory
+to be present in the collection.</dd>
+</dl>
+</div>
+<div class="section" id="files">
+<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt>
+<dd>Default location of Kerberos 5 credentials cache</dd>
+</dl>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="klist.html#klist-1"><em>klist</em></a></p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">kdestroy</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#options">OPTIONS</a></li>
+<li><a class="reference internal" href="#note">NOTE</a></li>
+<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li>
+<li><a class="reference internal" href="#files">FILES</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3 current"><a class="current reference internal" href="">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="index.html" title="User commands"
+ >previous</a> |
+ <a href="kinit.html" title="kinit"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kdestroy">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/kinit.html b/doc/html/user/user_commands/kinit.html
new file mode 100644
index 000000000000..0b877cc2763e
--- /dev/null
+++ b/doc/html/user/user_commands/kinit.html
@@ -0,0 +1,354 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>kinit &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="klist" href="klist.html" />
+ <link rel="prev" title="kdestroy" href="kdestroy.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="kdestroy.html" title="kdestroy"
+ accesskey="P">previous</a> |
+ <a href="klist.html" title="klist"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kinit">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="kinit">
+<span id="kinit-1"></span><h1>kinit<a class="headerlink" href="#kinit" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>kinit</strong>
+[<strong>-V</strong>]
+[<strong>-l</strong> <em>lifetime</em>]
+[<strong>-s</strong> <em>start_time</em>]
+[<strong>-r</strong> <em>renewable_life</em>]
+[<strong>-p</strong> | -<strong>P</strong>]
+[<strong>-f</strong> | -<strong>F</strong>]
+[<strong>-a</strong>]
+[<strong>-A</strong>]
+[<strong>-C</strong>]
+[<strong>-E</strong>]
+[<strong>-v</strong>]
+[<strong>-R</strong>]
+[<strong>-k</strong> [-<strong>t</strong> <em>keytab_file</em>]]
+[<strong>-c</strong> <em>cache_name</em>]
+[<strong>-n</strong>]
+[<strong>-S</strong> <em>service_name</em>]
+[<strong>-I</strong> <em>input_ccache</em>]
+[<strong>-T</strong> <em>armor_ccache</em>]
+[<strong>-X</strong> <em>attribute</em>[=<em>value</em>]]
+[<em>principal</em>]</p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>kinit obtains and caches an initial ticket-granting ticket for
+<em>principal</em>. If <em>principal</em> is absent, kinit chooses an appropriate
+principal name based on existing credential cache contents or the
+local username of the user invoking kinit. Some options modify the
+choice of principal name.</p>
+</div>
+<div class="section" id="options">
+<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><strong>-V</strong></dt>
+<dd>display verbose output.</dd>
+<dt><strong>-l</strong> <em>lifetime</em></dt>
+<dd><p class="first">(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Requests a ticket with the lifetime
+<em>lifetime</em>.</p>
+<p>For example, <tt class="docutils literal"><span class="pre">kinit</span> <span class="pre">-l</span> <span class="pre">5:30</span></tt> or <tt class="docutils literal"><span class="pre">kinit</span> <span class="pre">-l</span> <span class="pre">5h30m</span></tt>.</p>
+<p class="last">If the <strong>-l</strong> option is not specified, the default ticket lifetime
+(configured by each site) is used. Specifying a ticket lifetime
+longer than the maximum ticket lifetime (configured by each site)
+will not override the configured maximum ticket lifetime.</p>
+</dd>
+<dt><strong>-s</strong> <em>start_time</em></dt>
+<dd><p class="first">(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Requests a postdated ticket. Postdated
+tickets are issued with the <strong>invalid</strong> flag set, and need to be
+resubmitted to the KDC for validation before use.</p>
+<p class="last"><em>start_time</em> specifies the duration of the delay before the ticket
+can become valid.</p>
+</dd>
+<dt><strong>-r</strong> <em>renewable_life</em></dt>
+<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Requests renewable tickets, with a total
+lifetime of <em>renewable_life</em>.</dd>
+<dt><strong>-f</strong></dt>
+<dd>requests forwardable tickets.</dd>
+<dt><strong>-F</strong></dt>
+<dd>requests non-forwardable tickets.</dd>
+<dt><strong>-p</strong></dt>
+<dd>requests proxiable tickets.</dd>
+<dt><strong>-P</strong></dt>
+<dd>requests non-proxiable tickets.</dd>
+<dt><strong>-a</strong></dt>
+<dd>requests tickets restricted to the host&#8217;s local address[es].</dd>
+<dt><strong>-A</strong></dt>
+<dd>requests tickets not restricted by address.</dd>
+<dt><strong>-C</strong></dt>
+<dd>requests canonicalization of the principal name, and allows the
+KDC to reply with a different client principal from the one
+requested.</dd>
+<dt><strong>-E</strong></dt>
+<dd>treats the principal name as an enterprise name (implies the
+<strong>-C</strong> option).</dd>
+<dt><strong>-v</strong></dt>
+<dd>requests that the ticket-granting ticket in the cache (with the
+<strong>invalid</strong> flag set) be passed to the KDC for validation. If the
+ticket is within its requested time range, the cache is replaced
+with the validated ticket.</dd>
+<dt><strong>-R</strong></dt>
+<dd><p class="first">requests renewal of the ticket-granting ticket. Note that an
+expired ticket cannot be renewed, even if the ticket is still
+within its renewable life.</p>
+<p class="last">Note that renewable tickets that have expired as reported by
+<a class="reference internal" href="klist.html#klist-1"><em>klist</em></a> may sometimes be renewed using this option,
+because the KDC applies a grace period to account for client-KDC
+clock skew. See <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a> <strong>clockskew</strong> setting.</p>
+</dd>
+<dt><strong>-k</strong> [<strong>-i</strong> | <strong>-t</strong> <em>keytab_file</em>]</dt>
+<dd>requests a ticket, obtained from a key in the local host&#8217;s keytab.
+The location of the keytab may be specified with the <strong>-t</strong>
+<em>keytab_file</em> option, or with the <strong>-i</strong> option to specify the use
+of the default client keytab; otherwise the default keytab will be
+used. By default, a host ticket for the local host is requested,
+but any principal may be specified. On a KDC, the special keytab
+location <tt class="docutils literal"><span class="pre">KDB:</span></tt> can be used to indicate that kinit should open
+the KDC database and look up the key directly. This permits an
+administrator to obtain tickets as any principal that supports
+authentication based on the key.</dd>
+<dt><strong>-n</strong></dt>
+<dd><p class="first">Requests anonymous processing. Two types of anonymous principals
+are supported.</p>
+<p>For fully anonymous Kerberos, configure pkinit on the KDC and
+configure <strong>pkinit_anchors</strong> in the client&#8217;s <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a>.
+Then use the <strong>-n</strong> option with a principal of the form <tt class="docutils literal"><span class="pre">&#64;REALM</span></tt>
+(an empty principal name followed by the at-sign and a realm
+name). If permitted by the KDC, an anonymous ticket will be
+returned.</p>
+<p>A second form of anonymous tickets is supported; these
+realm-exposed tickets hide the identity of the client but not the
+client&#8217;s realm. For this mode, use <tt class="docutils literal"><span class="pre">kinit</span> <span class="pre">-n</span></tt> with a normal
+principal name. If supported by the KDC, the principal (but not
+realm) will be replaced by the anonymous principal.</p>
+<p class="last">As of release 1.8, the MIT Kerberos KDC only supports fully
+anonymous operation.</p>
+</dd>
+</dl>
+<p><strong>-I</strong> <em>input_ccache</em></p>
+<blockquote>
+<div>Specifies the name of a credentials cache that already contains a
+ticket. When obtaining that ticket, if information about how that
+ticket was obtained was also stored to the cache, that information
+will be used to affect how new credentials are obtained, including
+preselecting the same methods of authenticating to the KDC.</div></blockquote>
+<dl class="docutils">
+<dt><strong>-T</strong> <em>armor_ccache</em></dt>
+<dd>Specifies the name of a credentials cache that already contains a
+ticket. If supported by the KDC, this cache will be used to armor
+the request, preventing offline dictionary attacks and allowing
+the use of additional preauthentication mechanisms. Armoring also
+makes sure that the response from the KDC is not modified in
+transit.</dd>
+<dt><strong>-c</strong> <em>cache_name</em></dt>
+<dd><p class="first">use <em>cache_name</em> as the Kerberos 5 credentials (ticket) cache
+location. If this option is not used, the default cache location
+is used.</p>
+<p class="last">The default cache location may vary between systems. If the
+<strong>KRB5CCNAME</strong> environment variable is set, its value is used to
+locate the default cache. If a principal name is specified and
+the type of the default cache supports a collection (such as the
+DIR type), an existing cache containing credentials for the
+principal is selected or a new one is created and becomes the new
+primary cache. Otherwise, any existing contents of the default
+cache are destroyed by kinit.</p>
+</dd>
+<dt><strong>-S</strong> <em>service_name</em></dt>
+<dd>specify an alternate service name to use when getting initial
+tickets.</dd>
+<dt><strong>-X</strong> <em>attribute</em>[=<em>value</em>]</dt>
+<dd><p class="first">specify a pre-authentication <em>attribute</em> and <em>value</em> to be
+interpreted by pre-authentication modules. The acceptable
+attribute and value values vary from module to module. This
+option may be specified multiple times to specify multiple
+attributes. If no value is specified, it is assumed to be &#8220;yes&#8221;.</p>
+<p>The following attributes are recognized by the PKINIT
+pre-authentication mechanism:</p>
+<dl class="last docutils">
+<dt><strong>X509_user_identity</strong>=<em>value</em></dt>
+<dd>specify where to find user&#8217;s X509 identity information</dd>
+<dt><strong>X509_anchors</strong>=<em>value</em></dt>
+<dd>specify where to find trusted X509 anchor information</dd>
+<dt><strong>flag_RSA_PROTOCOL</strong>[<strong>=yes</strong>]</dt>
+<dd>specify use of RSA, rather than the default Diffie-Hellman
+protocol</dd>
+</dl>
+</dd>
+</dl>
+</div>
+<div class="section" id="environment">
+<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2>
+<p>kinit uses the following environment variables:</p>
+<dl class="docutils">
+<dt><strong>KRB5CCNAME</strong></dt>
+<dd>Location of the default Kerberos 5 credentials cache, in the form
+<em>type</em>:<em>residual</em>. If no <em>type</em> prefix is present, the <strong>FILE</strong>
+type is assumed. The type of the default cache may determine the
+availability of a cache collection; for instance, a default cache
+of type <strong>DIR</strong> causes caches within the directory to be present
+in the collection.</dd>
+</dl>
+</div>
+<div class="section" id="files">
+<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt>
+<dd>default location of Kerberos 5 credentials cache</dd>
+<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFKTNAME</em></a></dt>
+<dd>default location for the local host&#8217;s keytab.</dd>
+</dl>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p><a class="reference internal" href="klist.html#klist-1"><em>klist</em></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><em>kdestroy</em></a>, kerberos(1)</p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">kinit</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#options">OPTIONS</a></li>
+<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li>
+<li><a class="reference internal" href="#files">FILES</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="kdestroy.html" title="kdestroy"
+ >previous</a> |
+ <a href="klist.html" title="klist"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kinit">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/klist.html b/doc/html/user/user_commands/klist.html
new file mode 100644
index 000000000000..631af750ace8
--- /dev/null
+++ b/doc/html/user/user_commands/klist.html
@@ -0,0 +1,268 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>klist &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="kpasswd" href="kpasswd.html" />
+ <link rel="prev" title="kinit" href="kinit.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="kinit.html" title="kinit"
+ accesskey="P">previous</a> |
+ <a href="kpasswd.html" title="kpasswd"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__klist">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="klist">
+<span id="klist-1"></span><h1>klist<a class="headerlink" href="#klist" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>klist</strong>
+[<strong>-e</strong>]
+[[<strong>-c</strong>] [<strong>-l</strong>] [<strong>-A</strong>] [<strong>-f</strong>] [<strong>-s</strong>] [<strong>-a</strong> [<strong>-n</strong>]]]
+[<strong>-C</strong>]
+[<strong>-k</strong> [<strong>-t</strong>] [<strong>-K</strong>]]
+[<strong>-V</strong>]
+[<em>cache_name</em>|<em>keytab_name</em>]</p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>klist lists the Kerberos principal and Kerberos tickets held in a
+credentials cache, or the keys held in a keytab file.</p>
+</div>
+<div class="section" id="options">
+<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><strong>-e</strong></dt>
+<dd>Displays the encryption types of the session key and the ticket
+for each credential in the credential cache, or each key in the
+keytab file.</dd>
+<dt><strong>-l</strong></dt>
+<dd>If a cache collection is available, displays a table summarizing
+the caches present in the collection.</dd>
+<dt><strong>-A</strong></dt>
+<dd>If a cache collection is available, displays the contents of all
+of the caches in the collection.</dd>
+<dt><strong>-c</strong></dt>
+<dd>List tickets held in a credentials cache. This is the default if
+neither <strong>-c</strong> nor <strong>-k</strong> is specified.</dd>
+<dt><strong>-f</strong></dt>
+<dd><p class="first">Shows the flags present in the credentials, using the following
+abbreviations:</p>
+<div class="last highlight-python"><div class="highlight"><pre>F Forwardable
+f forwarded
+P Proxiable
+p proxy
+D postDateable
+d postdated
+R Renewable
+I Initial
+i invalid
+H Hardware authenticated
+A preAuthenticated
+T Transit policy checked
+O Okay as delegate
+a anonymous
+</pre></div>
+</div>
+</dd>
+<dt><strong>-s</strong></dt>
+<dd>Causes klist to run silently (produce no output). klist will exit
+with status 1 if the credentials cache cannot be read or is
+expired, and with status 0 otherwise.</dd>
+<dt><strong>-a</strong></dt>
+<dd>Display list of addresses in credentials.</dd>
+<dt><strong>-n</strong></dt>
+<dd>Show numeric addresses instead of reverse-resolving addresses.</dd>
+<dt><strong>-C</strong></dt>
+<dd>List configuration data that has been stored in the credentials
+cache when klist encounters it. By default, configuration data
+is not listed.</dd>
+<dt><strong>-k</strong></dt>
+<dd>List keys held in a keytab file.</dd>
+<dt><strong>-i</strong></dt>
+<dd>In combination with <strong>-k</strong>, defaults to using the default client
+keytab instead of the default acceptor keytab, if no name is
+given.</dd>
+<dt><strong>-t</strong></dt>
+<dd>Display the time entry timestamps for each keytab entry in the
+keytab file.</dd>
+<dt><strong>-K</strong></dt>
+<dd>Display the value of the encryption key in each keytab entry in
+the keytab file.</dd>
+<dt><strong>-V</strong></dt>
+<dd>Display the Kerberos version number and exit.</dd>
+</dl>
+<p>If <em>cache_name</em> or <em>keytab_name</em> is not specified, klist will display
+the credentials in the default credentials cache or keytab file as
+appropriate. If the <strong>KRB5CCNAME</strong> environment variable is set, its
+value is used to locate the default ticket cache.</p>
+</div>
+<div class="section" id="environment">
+<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2>
+<p>klist uses the following environment variable:</p>
+<dl class="docutils">
+<dt><strong>KRB5CCNAME</strong></dt>
+<dd>Location of the default Kerberos 5 credentials (ticket) cache, in
+the form <em>type</em>:<em>residual</em>. If no <em>type</em> prefix is present, the
+<strong>FILE</strong> type is assumed. The type of the default cache may
+determine the availability of a cache collection; for instance, a
+default cache of type <strong>DIR</strong> causes caches within the directory
+to be present in the collection.</dd>
+</dl>
+</div>
+<div class="section" id="files">
+<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt>
+<dd>Default location of Kerberos 5 credentials cache</dd>
+<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFKTNAME</em></a></dt>
+<dd>Default location for the local host&#8217;s keytab file.</dd>
+</dl>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><em>kdestroy</em></a></p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">klist</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#options">OPTIONS</a></li>
+<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li>
+<li><a class="reference internal" href="#files">FILES</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="kinit.html" title="kinit"
+ >previous</a> |
+ <a href="kpasswd.html" title="kpasswd"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__klist">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/kpasswd.html b/doc/html/user/user_commands/kpasswd.html
new file mode 100644
index 000000000000..41e453f6f520
--- /dev/null
+++ b/doc/html/user/user_commands/kpasswd.html
@@ -0,0 +1,186 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>kpasswd &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="krb5-config" href="krb5-config.html" />
+ <link rel="prev" title="klist" href="klist.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="klist.html" title="klist"
+ accesskey="P">previous</a> |
+ <a href="krb5-config.html" title="krb5-config"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kpasswd">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="kpasswd">
+<span id="kpasswd-1"></span><h1>kpasswd<a class="headerlink" href="#kpasswd" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>kpasswd</strong> [<em>principal</em>]</p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>The kpasswd command is used to change a Kerberos principal&#8217;s password.
+kpasswd first prompts for the current Kerberos password, then prompts
+the user twice for the new password, and the password is changed.</p>
+<p>If the principal is governed by a policy that specifies the length
+and/or number of character classes required in the new password, the
+new password must conform to the policy. (The five character classes
+are lower case, upper case, numbers, punctuation, and all other
+characters.)</p>
+</div>
+<div class="section" id="options">
+<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><em>principal</em></dt>
+<dd>Change the password for the Kerberos principal principal.
+Otherwise, kpasswd uses the principal name from an existing ccache
+if there is one; if not, the principal is derived from the
+identity of the user invoking the kpasswd command.</dd>
+</dl>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p><a class="reference internal" href="../../admin/admin_commands/kadmin_local.html#kadmin-1"><em>kadmin</em></a>, <a class="reference internal" href="../../admin/admin_commands/kadmind.html#kadmind-8"><em>kadmind</em></a></p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">kpasswd</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#options">OPTIONS</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="klist.html" title="klist"
+ >previous</a> |
+ <a href="krb5-config.html" title="krb5-config"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kpasswd">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/krb5-config.html b/doc/html/user/user_commands/krb5-config.html
new file mode 100644
index 000000000000..e25f22e8ad18
--- /dev/null
+++ b/doc/html/user/user_commands/krb5-config.html
@@ -0,0 +1,238 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>krb5-config &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="ksu" href="ksu.html" />
+ <link rel="prev" title="kpasswd" href="kpasswd.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="kpasswd.html" title="kpasswd"
+ accesskey="P">previous</a> |
+ <a href="ksu.html" title="ksu"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5-config">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="krb5-config">
+<span id="krb5-config-1"></span><h1>krb5-config<a class="headerlink" href="#krb5-config" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>krb5-config</strong>
+[<strong>-</strong><strong>-help</strong> | <strong>-</strong><strong>-all</strong> | <strong>-</strong><strong>-version</strong> | <strong>-</strong><strong>-vendor</strong> | <strong>-</strong><strong>-prefix</strong> | <strong>-</strong><strong>-exec-prefix</strong> | <strong>-</strong><strong>-defccname</strong> | <strong>-</strong><strong>-defktname</strong> | <strong>-</strong><strong>-defcktname</strong> | <strong>-</strong><strong>-cflags</strong> | <strong>-</strong><strong>-libs</strong> [<em>libraries</em>]]</p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>krb5-config tells the application programmer what flags to use to compile
+and link programs against the installed Kerberos libraries.</p>
+</div>
+<div class="section" id="options">
+<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><strong>-</strong><strong>-help</strong></dt>
+<dd>prints a usage message. This is the default behavior when no options
+are specified.</dd>
+<dt><strong>-</strong><strong>-all</strong></dt>
+<dd>prints the version, vendor, prefix, and exec-prefix.</dd>
+<dt><strong>-</strong><strong>-version</strong></dt>
+<dd>prints the version number of the Kerberos installation.</dd>
+<dt><strong>-</strong><strong>-vendor</strong></dt>
+<dd>prints the name of the vendor of the Kerberos installation.</dd>
+<dt><strong>-</strong><strong>-prefix</strong></dt>
+<dd>prints the prefix for which the Kerberos installation was built.</dd>
+<dt><strong>-</strong><strong>-exec-prefix</strong></dt>
+<dd>prints the prefix for executables for which the Kerberos installation
+was built.</dd>
+<dt><strong>-</strong><strong>-defccname</strong></dt>
+<dd>prints the built-in default credentials cache location.</dd>
+<dt><strong>-</strong><strong>-defktname</strong></dt>
+<dd>prints the built-in default keytab location.</dd>
+<dt><strong>-</strong><strong>-defcktname</strong></dt>
+<dd>prints the built-in default client (initiator) keytab location.</dd>
+<dt><strong>-</strong><strong>-cflags</strong></dt>
+<dd>prints the compilation flags used to build the Kerberos installation.</dd>
+<dt><strong>-</strong><strong>-libs</strong> [<em>library</em>]</dt>
+<dd><p class="first">prints the compiler options needed to link against <em>library</em>.
+Allowed values for <em>library</em> are:</p>
+<table border="1" class="last docutils">
+<colgroup>
+<col width="20%" />
+<col width="80%" />
+</colgroup>
+<tbody valign="top">
+<tr class="row-odd"><td>krb5</td>
+<td>Kerberos 5 applications (default)</td>
+</tr>
+<tr class="row-even"><td>gssapi</td>
+<td>GSSAPI applications with Kerberos 5 bindings</td>
+</tr>
+<tr class="row-odd"><td>kadm-client</td>
+<td>Kadmin client</td>
+</tr>
+<tr class="row-even"><td>kadm-server</td>
+<td>Kadmin server</td>
+</tr>
+<tr class="row-odd"><td>kdb</td>
+<td>Applications that access the Kerberos database</td>
+</tr>
+</tbody>
+</table>
+</dd>
+</dl>
+</div>
+<div class="section" id="examples">
+<h2>EXAMPLES<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2>
+<p>krb5-config is particularly useful for compiling against a Kerberos
+installation that was installed in a non-standard location. For example,
+a Kerberos installation that is installed in <tt class="docutils literal"><span class="pre">/opt/krb5/</span></tt> but uses
+libraries in <tt class="docutils literal"><span class="pre">/usr/local/lib/</span></tt> for text localization would produce
+the following output:</p>
+<div class="highlight-python"><div class="highlight"><pre>shell% krb5-config --libs krb5
+-L/opt/krb5/lib -Wl,-rpath -Wl,/opt/krb5/lib -L/usr/local/lib -lkrb5 -lk5crypto -lcom_err
+</pre></div>
+</div>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p>kerberos(1), cc(1)</p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">krb5-config</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#options">OPTIONS</a></li>
+<li><a class="reference internal" href="#examples">EXAMPLES</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="kpasswd.html" title="kpasswd"
+ >previous</a> |
+ <a href="ksu.html" title="ksu"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5-config">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/ksu.html b/doc/html/user/user_commands/ksu.html
new file mode 100644
index 000000000000..894576304b8d
--- /dev/null
+++ b/doc/html/user/user_commands/ksu.html
@@ -0,0 +1,507 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>ksu &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="kswitch" href="kswitch.html" />
+ <link rel="prev" title="krb5-config" href="krb5-config.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="krb5-config.html" title="krb5-config"
+ accesskey="P">previous</a> |
+ <a href="kswitch.html" title="kswitch"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__ksu">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="ksu">
+<span id="ksu-1"></span><h1>ksu<a class="headerlink" href="#ksu" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>ksu</strong>
+[ <em>target_user</em> ]
+[ <strong>-n</strong> <em>target_principal_name</em> ]
+[ <strong>-c</strong> <em>source_cache_name</em> ]
+[ <strong>-k</strong> ]
+[ <strong>-r</strong> time ]
+[ <strong>-pf</strong> ]
+[ <strong>-l</strong> <em>lifetime</em> ]
+[ <strong>-z | Z</strong> ]
+[ <strong>-q</strong> ]
+[ <strong>-e</strong> <em>command</em> [ args ... ] ] [ <strong>-a</strong> [ args ... ] ]</p>
+</div>
+<div class="section" id="requirements">
+<h2>REQUIREMENTS<a class="headerlink" href="#requirements" title="Permalink to this headline">¶</a></h2>
+<p>Must have Kerberos version 5 installed to compile ksu. Must have a
+Kerberos version 5 server running to use ksu.</p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>ksu is a Kerberized version of the su program that has two missions:
+one is to securely change the real and effective user ID to that of
+the target user, and the other is to create a new security context.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p>For the sake of clarity, all references to and attributes of
+the user invoking the program will start with &#8220;source&#8221;
+(e.g., &#8220;source user&#8221;, &#8220;source cache&#8221;, etc.).</p>
+<p class="last">Likewise, all references to and attributes of the target
+account will start with &#8220;target&#8221;.</p>
+</div>
+</div>
+<div class="section" id="authentication">
+<h2>AUTHENTICATION<a class="headerlink" href="#authentication" title="Permalink to this headline">¶</a></h2>
+<p>To fulfill the first mission, ksu operates in two phases:
+authentication and authorization. Resolving the target principal name
+is the first step in authentication. The user can either specify his
+principal name with the <strong>-n</strong> option (e.g., <tt class="docutils literal"><span class="pre">-n</span> <span class="pre">jqpublic&#64;USC.EDU</span></tt>)
+or a default principal name will be assigned using a heuristic
+described in the OPTIONS section (see <strong>-n</strong> option). The target user
+name must be the first argument to ksu; if not specified root is the
+default. If <tt class="docutils literal"><span class="pre">.</span></tt> is specified then the target user will be the
+source user (e.g., <tt class="docutils literal"><span class="pre">ksu</span> <span class="pre">.</span></tt>). If the source user is root or the
+target user is the source user, no authentication or authorization
+takes place. Otherwise, ksu looks for an appropriate Kerberos ticket
+in the source cache.</p>
+<p>The ticket can either be for the end-server or a ticket granting
+ticket (TGT) for the target principal&#8217;s realm. If the ticket for the
+end-server is already in the cache, it&#8217;s decrypted and verified. If
+it&#8217;s not in the cache but the TGT is, the TGT is used to obtain the
+ticket for the end-server. The end-server ticket is then verified.
+If neither ticket is in the cache, but ksu is compiled with the
+<strong>GET_TGT_VIA_PASSWD</strong> define, the user will be prompted for a
+Kerberos password which will then be used to get a TGT. If the user
+is logged in remotely and does not have a secure channel, the password
+may be exposed. If neither ticket is in the cache and
+<strong>GET_TGT_VIA_PASSWD</strong> is not defined, authentication fails.</p>
+</div>
+<div class="section" id="authorization">
+<h2>AUTHORIZATION<a class="headerlink" href="#authorization" title="Permalink to this headline">¶</a></h2>
+<p>This section describes authorization of the source user when ksu is
+invoked without the <strong>-e</strong> option. For a description of the <strong>-e</strong>
+option, see the OPTIONS section.</p>
+<p>Upon successful authentication, ksu checks whether the target
+principal is authorized to access the target account. In the target
+user&#8217;s home directory, ksu attempts to access two authorization files:
+<a class="reference internal" href="../user_config/k5login.html#k5login-5"><em>.k5login</em></a> and .k5users. In the .k5login file each line
+contains the name of a principal that is authorized to access the
+account.</p>
+<p>For example:</p>
+<div class="highlight-python"><div class="highlight"><pre>jqpublic@USC.EDU
+jqpublic/secure@USC.EDU
+jqpublic/admin@USC.EDU
+</pre></div>
+</div>
+<p>The format of .k5users is the same, except the principal name may be
+followed by a list of commands that the principal is authorized to
+execute (see the <strong>-e</strong> option in the OPTIONS section for details).</p>
+<p>Thus if the target principal name is found in the .k5login file the
+source user is authorized to access the target account. Otherwise ksu
+looks in the .k5users file. If the target principal name is found
+without any trailing commands or followed only by <tt class="docutils literal"><span class="pre">*</span></tt> then the
+source user is authorized. If either .k5login or .k5users exist but
+an appropriate entry for the target principal does not exist then
+access is denied. If neither file exists then the principal will be
+granted access to the account according to the aname-&gt;lname mapping
+rules. Otherwise, authorization fails.</p>
+</div>
+<div class="section" id="execution-of-the-target-shell">
+<h2>EXECUTION OF THE TARGET SHELL<a class="headerlink" href="#execution-of-the-target-shell" title="Permalink to this headline">¶</a></h2>
+<p>Upon successful authentication and authorization, ksu proceeds in a
+similar fashion to su. The environment is unmodified with the
+exception of USER, HOME and SHELL variables. If the target user is
+not root, USER gets set to the target user name. Otherwise USER
+remains unchanged. Both HOME and SHELL are set to the target login&#8217;s
+default values. In addition, the environment variable <strong>KRB5CCNAME</strong>
+gets set to the name of the target cache. The real and effective user
+ID are changed to that of the target user. The target user&#8217;s shell is
+then invoked (the shell name is specified in the password file). Upon
+termination of the shell, ksu deletes the target cache (unless ksu is
+invoked with the <strong>-k</strong> option). This is implemented by first doing a
+fork and then an exec, instead of just exec, as done by su.</p>
+</div>
+<div class="section" id="creating-a-new-security-context">
+<h2>CREATING A NEW SECURITY CONTEXT<a class="headerlink" href="#creating-a-new-security-context" title="Permalink to this headline">¶</a></h2>
+<p>ksu can be used to create a new security context for the target
+program (either the target shell, or command specified via the <strong>-e</strong>
+option). The target program inherits a set of credentials from the
+source user. By default, this set includes all of the credentials in
+the source cache plus any additional credentials obtained during
+authentication. The source user is able to limit the credentials in
+this set by using <strong>-z</strong> or <strong>-Z</strong> option. <strong>-z</strong> restricts the copy
+of tickets from the source cache to the target cache to only the
+tickets where client == the target principal name. The <strong>-Z</strong> option
+provides the target user with a fresh target cache (no creds in the
+cache). Note that for security reasons, when the source user is root
+and target user is non-root, <strong>-z</strong> option is the default mode of
+operation.</p>
+<p>While no authentication takes place if the source user is root or is
+the same as the target user, additional tickets can still be obtained
+for the target cache. If <strong>-n</strong> is specified and no credentials can
+be copied to the target cache, the source user is prompted for a
+Kerberos password (unless <strong>-Z</strong> specified or <strong>GET_TGT_VIA_PASSWD</strong>
+is undefined). If successful, a TGT is obtained from the Kerberos
+server and stored in the target cache. Otherwise, if a password is
+not provided (user hit return) ksu continues in a normal mode of
+operation (the target cache will not contain the desired TGT). If the
+wrong password is typed in, ksu fails.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">During authentication, only the tickets that could be
+obtained without providing a password are cached in in the
+source cache.</p>
+</div>
+</div>
+<div class="section" id="options">
+<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><strong>-n</strong> <em>target_principal_name</em></dt>
+<dd><p class="first">Specify a Kerberos target principal name. Used in authentication
+and authorization phases of ksu.</p>
+<p>If ksu is invoked without <strong>-n</strong>, a default principal name is
+assigned via the following heuristic:</p>
+<ul class="last">
+<li><p class="first">Case 1: source user is non-root.</p>
+<p>If the target user is the source user the default principal name
+is set to the default principal of the source cache. If the
+cache does not exist then the default principal name is set to
+<tt class="docutils literal"><span class="pre">target_user&#64;local_realm</span></tt>. If the source and target users are
+different and neither <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> nor
+<tt class="docutils literal"><span class="pre">~target_user/.k5login</span></tt> exist then the default principal name
+is <tt class="docutils literal"><span class="pre">target_user_login_name&#64;local_realm</span></tt>. Otherwise, starting
+with the first principal listed below, ksu checks if the
+principal is authorized to access the target account and whether
+there is a legitimate ticket for that principal in the source
+cache. If both conditions are met that principal becomes the
+default target principal, otherwise go to the next principal.</p>
+<ol class="loweralpha simple">
+<li>default principal of the source cache</li>
+<li>target_user&#64;local_realm</li>
+<li>source_user&#64;local_realm</li>
+</ol>
+<p>If a-c fails try any principal for which there is a ticket in
+the source cache and that is authorized to access the target
+account. If that fails select the first principal that is
+authorized to access the target account from the above list. If
+none are authorized and ksu is configured with
+<strong>PRINC_LOOK_AHEAD</strong> turned on, select the default principal as
+follows:</p>
+<p>For each candidate in the above list, select an authorized
+principal that has the same realm name and first part of the
+principal name equal to the prefix of the candidate. For
+example if candidate a) is <tt class="docutils literal"><span class="pre">jqpublic&#64;ISI.EDU</span></tt> and
+<tt class="docutils literal"><span class="pre">jqpublic/secure&#64;ISI.EDU</span></tt> is authorized to access the target
+account then the default principal is set to
+<tt class="docutils literal"><span class="pre">jqpublic/secure&#64;ISI.EDU</span></tt>.</p>
+</li>
+<li><p class="first">Case 2: source user is root.</p>
+<p>If the target user is non-root then the default principal name
+is <tt class="docutils literal"><span class="pre">target_user&#64;local_realm</span></tt>. Else, if the source cache
+exists the default principal name is set to the default
+principal of the source cache. If the source cache does not
+exist, default principal name is set to <tt class="docutils literal"><span class="pre">root\&#64;local_realm</span></tt>.</p>
+</li>
+</ul>
+</dd>
+</dl>
+<p><strong>-c</strong> <em>source_cache_name</em></p>
+<blockquote>
+<div><p>Specify source cache name (e.g., <tt class="docutils literal"><span class="pre">-c</span> <span class="pre">FILE:/tmp/my_cache</span></tt>). If
+<strong>-c</strong> option is not used then the name is obtained from
+<strong>KRB5CCNAME</strong> environment variable. If <strong>KRB5CCNAME</strong> is not
+defined the source cache name is set to <tt class="docutils literal"><span class="pre">krb5cc_&lt;source</span> <span class="pre">uid&gt;</span></tt>.
+The target cache name is automatically set to <tt class="docutils literal"><span class="pre">krb5cc_&lt;target</span>
+<span class="pre">uid&gt;.(gen_sym())</span></tt>, where gen_sym generates a new number such that
+the resulting cache does not already exist. For example:</p>
+<div class="highlight-python"><div class="highlight"><pre>krb5cc_1984.2
+</pre></div>
+</div>
+</div></blockquote>
+<dl class="docutils">
+<dt><strong>-k</strong></dt>
+<dd>Do not delete the target cache upon termination of the target
+shell or a command (<strong>-e</strong> command). Without <strong>-k</strong>, ksu deletes
+the target cache.</dd>
+<dt><strong>-z</strong></dt>
+<dd>Restrict the copy of tickets from the source cache to the target
+cache to only the tickets where client == the target principal
+name. Use the <strong>-n</strong> option if you want the tickets for other then
+the default principal. Note that the <strong>-z</strong> option is mutually
+exclusive with the <strong>-Z</strong> option.</dd>
+<dt><strong>-Z</strong></dt>
+<dd>Don&#8217;t copy any tickets from the source cache to the target cache.
+Just create a fresh target cache, where the default principal name
+of the cache is initialized to the target principal name. Note
+that the <strong>-Z</strong> option is mutually exclusive with the <strong>-z</strong>
+option.</dd>
+<dt><strong>-q</strong></dt>
+<dd>Suppress the printing of status messages.</dd>
+</dl>
+<p>Ticket granting ticket options:</p>
+<dl class="docutils">
+<dt><strong>-l</strong> <em>lifetime</em> <strong>-r</strong> <em>time</em> <strong>-pf</strong></dt>
+<dd>The ticket granting ticket options only apply to the case where
+there are no appropriate tickets in the cache to authenticate the
+source user. In this case if ksu is configured to prompt users
+for a Kerberos password (<strong>GET_TGT_VIA_PASSWD</strong> is defined), the
+ticket granting ticket options that are specified will be used
+when getting a ticket granting ticket from the Kerberos server.</dd>
+<dt><strong>-l</strong> <em>lifetime</em></dt>
+<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Specifies the lifetime to be requested
+for the ticket; if this option is not specified, the default ticket
+lifetime (12 hours) is used instead.</dd>
+<dt><strong>-r</strong> <em>time</em></dt>
+<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Specifies that the <strong>renewable</strong> option
+should be requested for the ticket, and specifies the desired
+total lifetime of the ticket.</dd>
+<dt><strong>-p</strong></dt>
+<dd>specifies that the <strong>proxiable</strong> option should be requested for
+the ticket.</dd>
+<dt><strong>-f</strong></dt>
+<dd>option specifies that the <strong>forwardable</strong> option should be
+requested for the ticket.</dd>
+<dt><strong>-e</strong> <em>command</em> [<em>args</em> ...]</dt>
+<dd><p class="first">ksu proceeds exactly the same as if it was invoked without the
+<strong>-e</strong> option, except instead of executing the target shell, ksu
+executes the specified command. Example of usage:</p>
+<div class="highlight-python"><div class="highlight"><pre>ksu bob -e ls -lag
+</pre></div>
+</div>
+<p>The authorization algorithm for <strong>-e</strong> is as follows:</p>
+<p>If the source user is root or source user == target user, no
+authorization takes place and the command is executed. If source
+user id != 0, and <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> file does not exist,
+authorization fails. Otherwise, <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> file
+must have an appropriate entry for target principal to get
+authorized.</p>
+<p>The .k5users file format:</p>
+<p>A single principal entry on each line that may be followed by a
+list of commands that the principal is authorized to execute. A
+principal name followed by a <tt class="docutils literal"><span class="pre">*</span></tt> means that the user is
+authorized to execute any command. Thus, in the following
+example:</p>
+<div class="highlight-python"><div class="highlight"><pre>jqpublic@USC.EDU ls mail /local/kerberos/klist
+jqpublic/secure@USC.EDU *
+jqpublic/admin@USC.EDU
+</pre></div>
+</div>
+<p><tt class="docutils literal"><span class="pre">jqpublic&#64;USC.EDU</span></tt> is only authorized to execute <tt class="docutils literal"><span class="pre">ls</span></tt>,
+<tt class="docutils literal"><span class="pre">mail</span></tt> and <tt class="docutils literal"><span class="pre">klist</span></tt> commands. <tt class="docutils literal"><span class="pre">jqpublic/secure&#64;USC.EDU</span></tt> is
+authorized to execute any command. <tt class="docutils literal"><span class="pre">jqpublic/admin&#64;USC.EDU</span></tt> is
+not authorized to execute any command. Note, that
+<tt class="docutils literal"><span class="pre">jqpublic/admin&#64;USC.EDU</span></tt> is authorized to execute the target
+shell (regular ksu, without the <strong>-e</strong> option) but
+<tt class="docutils literal"><span class="pre">jqpublic&#64;USC.EDU</span></tt> is not.</p>
+<p>The commands listed after the principal name must be either a full
+path names or just the program name. In the second case,
+<strong>CMD_PATH</strong> specifying the location of authorized programs must
+be defined at the compilation time of ksu. Which command gets
+executed?</p>
+<p class="last">If the source user is root or the target user is the source user
+or the user is authorized to execute any command (<tt class="docutils literal"><span class="pre">*</span></tt> entry)
+then command can be either a full or a relative path leading to
+the target program. Otherwise, the user must specify either a
+full path or just the program name.</p>
+</dd>
+<dt><strong>-a</strong> <em>args</em></dt>
+<dd><p class="first">Specify arguments to be passed to the target shell. Note that all
+flags and parameters following -a will be passed to the shell,
+thus all options intended for ksu must precede <strong>-a</strong>.</p>
+<p>The <strong>-a</strong> option can be used to simulate the <strong>-e</strong> option if
+used as follows:</p>
+<div class="highlight-python"><div class="highlight"><pre>-a -c [command [arguments]].
+</pre></div>
+</div>
+<p class="last"><strong>-c</strong> is interpreted by the c-shell to execute the command.</p>
+</dd>
+</dl>
+</div>
+<div class="section" id="installation-instructions">
+<h2>INSTALLATION INSTRUCTIONS<a class="headerlink" href="#installation-instructions" title="Permalink to this headline">¶</a></h2>
+<p>ksu can be compiled with the following four flags:</p>
+<dl class="docutils">
+<dt><strong>GET_TGT_VIA_PASSWD</strong></dt>
+<dd>In case no appropriate tickets are found in the source cache, the
+user will be prompted for a Kerberos password. The password is
+then used to get a ticket granting ticket from the Kerberos
+server. The danger of configuring ksu with this macro is if the
+source user is logged in remotely and does not have a secure
+channel, the password may get exposed.</dd>
+<dt><strong>PRINC_LOOK_AHEAD</strong></dt>
+<dd>During the resolution of the default principal name,
+<strong>PRINC_LOOK_AHEAD</strong> enables ksu to find principal names in
+the .k5users file as described in the OPTIONS section
+(see <strong>-n</strong> option).</dd>
+<dt><strong>CMD_PATH</strong></dt>
+<dd>Specifies a list of directories containing programs that users are
+authorized to execute (via .k5users file).</dd>
+<dt><strong>HAVE_GETUSERSHELL</strong></dt>
+<dd>If the source user is non-root, ksu insists that the target user&#8217;s
+shell to be invoked is a &#8220;legal shell&#8221;. <em>getusershell(3)</em> is
+called to obtain the names of &#8220;legal shells&#8221;. Note that the
+target user&#8217;s shell is obtained from the passwd file.</dd>
+</dl>
+<p>Sample configuration:</p>
+<div class="highlight-python"><div class="highlight"><pre>KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH=&#39;&quot;/bin /usr/ucb /local/bin&quot;
+</pre></div>
+</div>
+<p>ksu should be owned by root and have the set user id bit turned on.</p>
+<p>ksu attempts to get a ticket for the end server just as Kerberized
+telnet and rlogin. Thus, there must be an entry for the server in the
+Kerberos database (e.g., <tt class="docutils literal"><span class="pre">host/nii.isi.edu&#64;ISI.EDU</span></tt>). The keytab
+file must be in an appropriate location.</p>
+</div>
+<div class="section" id="side-effects">
+<h2>SIDE EFFECTS<a class="headerlink" href="#side-effects" title="Permalink to this headline">¶</a></h2>
+<p>ksu deletes all expired tickets from the source cache.</p>
+</div>
+<div class="section" id="author-of-ksu">
+<h2>AUTHOR OF KSU<a class="headerlink" href="#author-of-ksu" title="Permalink to this headline">¶</a></h2>
+<p>GENNADY (ARI) MEDVINSKY</p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">ksu</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#requirements">REQUIREMENTS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#authentication">AUTHENTICATION</a></li>
+<li><a class="reference internal" href="#authorization">AUTHORIZATION</a></li>
+<li><a class="reference internal" href="#execution-of-the-target-shell">EXECUTION OF THE TARGET SHELL</a></li>
+<li><a class="reference internal" href="#creating-a-new-security-context">CREATING A NEW SECURITY CONTEXT</a></li>
+<li><a class="reference internal" href="#options">OPTIONS</a></li>
+<li><a class="reference internal" href="#installation-instructions">INSTALLATION INSTRUCTIONS</a></li>
+<li><a class="reference internal" href="#side-effects">SIDE EFFECTS</a></li>
+<li><a class="reference internal" href="#author-of-ksu">AUTHOR OF KSU</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="krb5-config.html" title="krb5-config"
+ >previous</a> |
+ <a href="kswitch.html" title="kswitch"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__ksu">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/kswitch.html b/doc/html/user/user_commands/kswitch.html
new file mode 100644
index 000000000000..49187fdeb6b1
--- /dev/null
+++ b/doc/html/user/user_commands/kswitch.html
@@ -0,0 +1,204 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>kswitch &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="kvno" href="kvno.html" />
+ <link rel="prev" title="ksu" href="ksu.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="ksu.html" title="ksu"
+ accesskey="P">previous</a> |
+ <a href="kvno.html" title="kvno"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kswitch">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="kswitch">
+<span id="kswitch-1"></span><h1>kswitch<a class="headerlink" href="#kswitch" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>kswitch</strong>
+{<strong>-c</strong> <em>cachename</em>|<strong>-p</strong> <em>principal</em>}</p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>kswitch makes the specified credential cache the primary cache for the
+collection, if a cache collection is available.</p>
+</div>
+<div class="section" id="options">
+<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><strong>-c</strong> <em>cachename</em></dt>
+<dd>Directly specifies the credential cache to be made primary.</dd>
+<dt><strong>-p</strong> <em>principal</em></dt>
+<dd>Causes the cache collection to be searched for a cache containing
+credentials for <em>principal</em>. If one is found, that collection is
+made primary.</dd>
+</dl>
+</div>
+<div class="section" id="environment">
+<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2>
+<p>kswitch uses the following environment variables:</p>
+<dl class="docutils">
+<dt><strong>KRB5CCNAME</strong></dt>
+<dd>Location of the default Kerberos 5 credentials (ticket) cache, in
+the form <em>type</em>:<em>residual</em>. If no <em>type</em> prefix is present, the
+<strong>FILE</strong> type is assumed. The type of the default cache may
+determine the availability of a cache collection; for instance, a
+default cache of type <strong>DIR</strong> causes caches within the directory
+to be present in the collection.</dd>
+</dl>
+</div>
+<div class="section" id="files">
+<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt>
+<dd>Default location of Kerberos 5 credentials cache</dd>
+</dl>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><em>kdestroy</em></a>, <a class="reference internal" href="klist.html#klist-1"><em>klist</em></a>), kerberos(1)</p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">kswitch</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#options">OPTIONS</a></li>
+<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li>
+<li><a class="reference internal" href="#files">FILES</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="ksu.html" title="ksu"
+ >previous</a> |
+ <a href="kvno.html" title="kvno"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kswitch">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/kvno.html b/doc/html/user/user_commands/kvno.html
new file mode 100644
index 000000000000..e5588d3cc7ca
--- /dev/null
+++ b/doc/html/user/user_commands/kvno.html
@@ -0,0 +1,229 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>kvno &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="sclient" href="sclient.html" />
+ <link rel="prev" title="kswitch" href="kswitch.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="kswitch.html" title="kswitch"
+ accesskey="P">previous</a> |
+ <a href="sclient.html" title="sclient"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kvno">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="kvno">
+<span id="kvno-1"></span><h1>kvno<a class="headerlink" href="#kvno" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>kvno</strong>
+[<strong>-c</strong> <em>ccache</em>]
+[<strong>-e</strong> <em>etype</em>]
+[<strong>-q</strong>]
+[<strong>-h</strong>]
+[<strong>-P</strong>]
+[<strong>-S</strong> <em>sname</em>]
+[<strong>-U</strong> <em>for_user</em>]
+<em>service1 service2</em> ...</p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>kvno acquires a service ticket for the specified Kerberos principals
+and prints out the key version numbers of each.</p>
+</div>
+<div class="section" id="options">
+<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><strong>-c</strong> <em>ccache</em></dt>
+<dd>Specifies the name of a credentials cache to use (if not the
+default)</dd>
+<dt><strong>-e</strong> <em>etype</em></dt>
+<dd>Specifies the enctype which will be requested for the session key
+of all the services named on the command line. This is useful in
+certain backward compatibility situations.</dd>
+<dt><strong>-q</strong></dt>
+<dd>Suppress printing output when successful. If a service ticket
+cannot be obtained, an error message will still be printed and
+kvno will exit with nonzero status.</dd>
+<dt><strong>-h</strong></dt>
+<dd>Prints a usage statement and exits.</dd>
+<dt><strong>-P</strong></dt>
+<dd>Specifies that the <em>service1 service2</em> ... arguments are to be
+treated as services for which credentials should be acquired using
+constrained delegation. This option is only valid when used in
+conjunction with protocol transition.</dd>
+<dt><strong>-S</strong> <em>sname</em></dt>
+<dd>Specifies that the <em>service1 service2</em> ... arguments are
+interpreted as hostnames, and the service principals are to be
+constructed from those hostnames and the service name <em>sname</em>.
+The service hostnames will be canonicalized according to the usual
+rules for constructing service principals.</dd>
+<dt><strong>-U</strong> <em>for_user</em></dt>
+<dd>Specifies that protocol transition (S4U2Self) is to be used to
+acquire a ticket on behalf of <em>for_user</em>. If constrained
+delegation is not requested, the service name must match the
+credentials cache client principal.</dd>
+</dl>
+</div>
+<div class="section" id="environment">
+<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2>
+<p>kvno uses the following environment variable:</p>
+<dl class="docutils">
+<dt><strong>KRB5CCNAME</strong></dt>
+<dd>Location of the credentials (ticket) cache.</dd>
+</dl>
+</div>
+<div class="section" id="files">
+<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2>
+<dl class="docutils">
+<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt>
+<dd>Default location of the credentials cache</dd>
+</dl>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><em>kdestroy</em></a></p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">kvno</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#options">OPTIONS</a></li>
+<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li>
+<li><a class="reference internal" href="#files">FILES</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">kvno</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="kswitch.html" title="kswitch"
+ >previous</a> |
+ <a href="sclient.html" title="sclient"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kvno">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_commands/sclient.html b/doc/html/user/user_commands/sclient.html
new file mode 100644
index 000000000000..ab04fc54be4a
--- /dev/null
+++ b/doc/html/user/user_commands/sclient.html
@@ -0,0 +1,171 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>sclient &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User commands" href="index.html" />
+ <link rel="next" title="For administrators" href="../../admin/index.html" />
+ <link rel="prev" title="kvno" href="kvno.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="kvno.html" title="kvno"
+ accesskey="P">previous</a> |
+ <a href="../../admin/index.html" title="For administrators"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__sclient">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="sclient">
+<span id="sclient-1"></span><h1>sclient<a class="headerlink" href="#sclient" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="synopsis">
+<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2>
+<p><strong>sclient</strong> <em>remotehost</em></p>
+</div>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>sclient is a sample application, primarily useful for testing
+purposes. It contacts a sample server <a class="reference internal" href="../../admin/admin_commands/sserver.html#sserver-8"><em>sserver</em></a> and
+authenticates to it using Kerberos version 5 tickets, then displays
+the server&#8217;s response.</p>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="../../admin/admin_commands/sserver.html#sserver-8"><em>sserver</em></a></p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">sclient</a><ul>
+<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li>
+<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li>
+<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">sclient</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="kvno.html" title="kvno"
+ >previous</a> |
+ <a href="../../admin/index.html" title="For administrators"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__sclient">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_config/index.html b/doc/html/user/user_config/index.html
new file mode 100644
index 000000000000..d075b2f61fa7
--- /dev/null
+++ b/doc/html/user/user_config/index.html
@@ -0,0 +1,153 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>User config files &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="For users" href="../index.html" />
+ <link rel="next" title=".k5login" href="k5login.html" />
+ <link rel="prev" title="Ticket management" href="../tkt_mgmt.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="../tkt_mgmt.html" title="Ticket management"
+ accesskey="P">previous</a> |
+ <a href="k5login.html" title=".k5login"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User config files">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="user-config-files">
+<h1>User config files<a class="headerlink" href="#user-config-files" title="Permalink to this headline">¶</a></h1>
+<p>The following files in your home directory can be used to control the
+behavior of Kerberos as it applies to your account (unless they have
+been disabled by your host&#8217;s configuration):</p>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="k5login.html">.k5login</a></li>
+<li class="toctree-l1"><a class="reference internal" href="k5identity.html">.k5identity</a></li>
+</ul>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">User config files</a></li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="">User config files</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="k5login.html">.k5login</a></li>
+<li class="toctree-l3"><a class="reference internal" href="k5identity.html">.k5identity</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="../tkt_mgmt.html" title="Ticket management"
+ >previous</a> |
+ <a href="k5login.html" title=".k5login"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User config files">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_config/k5identity.html b/doc/html/user/user_config/k5identity.html
new file mode 100644
index 000000000000..914154b510d3
--- /dev/null
+++ b/doc/html/user/user_config/k5identity.html
@@ -0,0 +1,202 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>.k5identity &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User config files" href="index.html" />
+ <link rel="next" title="User commands" href="../user_commands/index.html" />
+ <link rel="prev" title=".k5login" href="k5login.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="k5login.html" title=".k5login"
+ accesskey="P">previous</a> |
+ <a href="../user_commands/index.html" title="User commands"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5identity">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="k5identity">
+<span id="k5identity-5"></span><h1>.k5identity<a class="headerlink" href="#k5identity" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>The .k5identity file, which resides in a user&#8217;s home directory,
+contains a list of rules for selecting a client principals based on
+the server being accessed. These rules are used to choose a
+credential cache within the cache collection when possible.</p>
+<p>Blank lines and lines beginning with <tt class="docutils literal"><span class="pre">#</span></tt> are ignored. Each line has
+the form:</p>
+<blockquote>
+<div><em>principal</em> <em>field</em>=<em>value</em> ...</div></blockquote>
+<p>If the server principal meets all of the field constraints, then
+principal is chosen as the client principal. The following fields are
+recognized:</p>
+<dl class="docutils">
+<dt><strong>realm</strong></dt>
+<dd>If the realm of the server principal is known, it is matched
+against <em>value</em>, which may be a pattern using shell wildcards.
+For host-based server principals, the realm will generally only be
+known if there is a <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#domain-realm"><em>[domain_realm]</em></a> section in
+<a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a> with a mapping for the hostname.</dd>
+<dt><strong>service</strong></dt>
+<dd>If the server principal is a host-based principal, its service
+component is matched against <em>value</em>, which may be a pattern using
+shell wildcards.</dd>
+<dt><strong>host</strong></dt>
+<dd><p class="first">If the server principal is a host-based principal, its hostname
+component is converted to lower case and matched against <em>value</em>,
+which may be a pattern using shell wildcards.</p>
+<p class="last">If the server principal matches the constraints of multiple lines
+in the .k5identity file, the principal from the first matching
+line is used. If no line matches, credentials will be selected
+some other way, such as the realm heuristic or the current primary
+cache.</p>
+</dd>
+</dl>
+</div>
+<div class="section" id="example">
+<h2>EXAMPLE<a class="headerlink" href="#example" title="Permalink to this headline">¶</a></h2>
+<p>The following example .k5identity file selects the client principal
+<tt class="docutils literal"><span class="pre">alice&#64;KRBTEST.COM</span></tt> if the server principal is within that realm,
+the principal <tt class="docutils literal"><span class="pre">alice/root&#64;EXAMPLE.COM</span></tt> if the server host is within
+a servers subdomain, and the principal <tt class="docutils literal"><span class="pre">alice/mail&#64;EXAMPLE.COM</span></tt> when
+accessing the IMAP service on <tt class="docutils literal"><span class="pre">mail.example.com</span></tt>:</p>
+<div class="highlight-python"><div class="highlight"><pre>alice@KRBTEST.COM realm=KRBTEST.COM
+alice/root@EXAMPLE.COM host=*.servers.example.com
+alice/mail@EXAMPLE.COM host=mail.example.com service=imap
+</pre></div>
+</div>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p>kerberos(1), <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a></p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">.k5identity</a><ul>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#example">EXAMPLE</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User config files</a><ul class="current">
+<li class="toctree-l3"><a class="reference internal" href="k5login.html">.k5login</a></li>
+<li class="toctree-l3 current"><a class="current reference internal" href="">.k5identity</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="k5login.html" title=".k5login"
+ >previous</a> |
+ <a href="../user_commands/index.html" title="User commands"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5identity">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/user/user_config/k5login.html b/doc/html/user/user_config/k5login.html
new file mode 100644
index 000000000000..4f75af623724
--- /dev/null
+++ b/doc/html/user/user_config/k5login.html
@@ -0,0 +1,193 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>.k5login &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="copyright" title="Copyright" href="../../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" />
+ <link rel="up" title="User config files" href="index.html" />
+ <link rel="next" title=".k5identity" href="k5identity.html" />
+ <link rel="prev" title="User config files" href="index.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="index.html" title="User config files"
+ accesskey="P">previous</a> |
+ <a href="k5identity.html" title=".k5identity"
+ accesskey="N">next</a> |
+ <a href="../../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5login">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="k5login">
+<span id="k5login-5"></span><h1>.k5login<a class="headerlink" href="#k5login" title="Permalink to this headline">¶</a></h1>
+<div class="section" id="description">
+<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
+<p>The .k5login file, which resides in a user&#8217;s home directory, contains
+a list of the Kerberos principals. Anyone with valid tickets for a
+principal in the file is allowed host access with the UID of the user
+in whose home directory the file resides. One common use is to place
+a .k5login file in root&#8217;s home directory, thereby granting system
+administrators remote root access to the host via Kerberos.</p>
+</div>
+<div class="section" id="examples">
+<h2>EXAMPLES<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2>
+<p>Suppose the user <tt class="docutils literal"><span class="pre">alice</span></tt> had a .k5login file in her home directory
+containing just the following line:</p>
+<div class="highlight-python"><div class="highlight"><pre>bob@FOOBAR.ORG
+</pre></div>
+</div>
+<p>This would allow <tt class="docutils literal"><span class="pre">bob</span></tt> to use Kerberos network applications, such as
+ssh(1), to access <tt class="docutils literal"><span class="pre">alice</span></tt>&#8216;s account, using <tt class="docutils literal"><span class="pre">bob</span></tt>&#8216;s Kerberos
+tickets. In a default configuration (with <strong>k5login_authoritative</strong> set
+to true in <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a>), this .k5login file would not let
+<tt class="docutils literal"><span class="pre">alice</span></tt> use those network applications to access her account, since
+she is not listed! With no .k5login file, or with <strong>k5login_authoritative</strong>
+set to false, a default rule would permit the principal <tt class="docutils literal"><span class="pre">alice</span></tt> in the
+machine&#8217;s default realm to access the <tt class="docutils literal"><span class="pre">alice</span></tt> account.</p>
+<p>Let us further suppose that <tt class="docutils literal"><span class="pre">alice</span></tt> is a system administrator.
+Alice and the other system administrators would have their principals
+in root&#8217;s .k5login file on each host:</p>
+<div class="highlight-python"><div class="highlight"><pre>alice@BLEEP.COM
+
+joeadmin/root@BLEEP.COM
+</pre></div>
+</div>
+<p>This would allow either system administrator to log in to these hosts
+using their Kerberos tickets instead of having to type the root
+password. Note that because <tt class="docutils literal"><span class="pre">bob</span></tt> retains the Kerberos tickets for
+his own principal, <tt class="docutils literal"><span class="pre">bob&#64;FOOBAR.ORG</span></tt>, he would not have any of the
+privileges that require <tt class="docutils literal"><span class="pre">alice</span></tt>&#8216;s tickets, such as root access to
+any of the site&#8217;s hosts, or the ability to change <tt class="docutils literal"><span class="pre">alice</span></tt>&#8216;s
+password.</p>
+</div>
+<div class="section" id="see-also">
+<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2>
+<p>kerberos(1)</p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">.k5login</a><ul>
+<li><a class="reference internal" href="#description">DESCRIPTION</a></li>
+<li><a class="reference internal" href="#examples">EXAMPLES</a></li>
+<li><a class="reference internal" href="#see-also">SEE ALSO</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li>
+<li class="toctree-l2 current"><a class="reference internal" href="index.html">User config files</a><ul class="current">
+<li class="toctree-l3 current"><a class="current reference internal" href="">.k5login</a></li>
+<li class="toctree-l3"><a class="reference internal" href="k5identity.html">.k5identity</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="index.html" title="User config files"
+ >previous</a> |
+ <a href="k5identity.html" title=".k5identity"
+ >next</a> |
+ <a href="../../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5login">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 10:31:13 +0000