Obtaining an initial ticket from the Key Distribution Center

To use Kerberos authentication, you must obtain an initial ticket, called a Ticket Granting Ticket (TGT), from the Key Distribution Center. The procedure to obtain this ticket depends on the Kerberos libraries being used. For additional information, refer to the vendor documentation.

Steps: To generate TGTs for the MIT Kerberos client library

  1. Start the kinit utility at the command line:

    % kinit
    
  2. Enter the kinit user name, such as your_name@YOUR.REALM.

  3. Enter the password for your_name@YOUR.REALM, such as “my_password.” When you enter your password, the kinit utility submits a request to the Authentication Server for a Ticket Granting Ticket (TGT).

    The password is used to compute a key, which in turn is used to decrypt part of the response. The response contains the confirmation of the request, as well as the session key. If you entered your password correctly, you now have a TGT.

  4. To verify that you have a TGT, enter the following at the command line:

    % klist
    

    The results of the klist command should be:

    Ticket cache: /var/tmp/krb5cc_1234
    Default principal: your_name@YOUR.REALM

    Valid starting      Expires            Service principal
    24-Jul-95 12:58:02  24-Jul-95 20:58:15  krbtgt/YOUR.REALM@YOUR.REALM
    

Explanation of results

Ticket cache: The ticket cache field tells you which file contains your credentials cache.

Default principal: The default principal is the login of the person who owns the TGT (in this case, you).

Valid starting/Expires/Service principal: The remainder of the output is a list of your existing tickets. Because this is the first ticket you have requested, there is only one ticket listed. The service principal (krbtgt/YOUR.REALM@YOUR.REALM) shows that this ticket is a TGT. Note that this ticket is good for approximately 8 hours.
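
The verification in step 4, scripted as an added example that is not part of the original documentation: shell functions that read klist output and confirm it lists a TGT (krbtgt/REALM@REALM) for the realm of the default principal. The function names are hypothetical, and the embedded sample is the klist output shown on this page.

```shell
#!/bin/sh
# Added example: check klist output for a TGT belonging to the default
# principal's realm. Function names are hypothetical, not part of Kerberos.

# Constructed sample: the klist output shown on this page.
sample_klist() {
cat <<'EOF'
Ticket cache: /var/tmp/krb5cc_1234
Default principal: your_name@YOUR.REALM

Valid starting      Expires            Service principal
24-Jul-95 12:58:02  24-Jul-95 20:58:15  krbtgt/YOUR.REALM@YOUR.REALM
EOF
}

# klist_field NAME: print the value of the "NAME: value" header line on stdin.
klist_field() {
    awk -v name="$1" '
        index($0, name ": ") == 1 { print substr($0, length(name) + 3); exit }
    '
}

# tgt_line: print the ticket line whose service principal is
# krbtgt/REALM@REALM, where REALM is taken from the default principal.
# Exits 1 when the listing contains no such ticket.
tgt_line() {
    awk '
        /^Default principal: / {
            n = split($3, parts, "@")   # realm follows the last "@"
            realm = parts[n]
            next
        }
        realm != "" && $NF == "krbtgt/" realm "@" realm { print; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Demonstration on the constructed sample.
if sample_klist | tgt_line >/dev/null; then
    echo "TGT present for $(sample_klist | klist_field 'Default principal')"
    echo "Credentials cache: $(sample_klist | klist_field 'Ticket cache')"
else
    echo "No TGT found; run kinit" >&2
fi
```

On a live system, pipe the output of klist into tgt_line and klist_field in place of sample_klist.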