option letter for kinit fast

Jeffrey Hutzelman jhutz at cmu.edu
Mon Apr 13 15:48:40 EDT 2009

--On Monday, April 13, 2009 11:30:42 AM -0400 Greg Hudson <ghudson at MIT.EDU> 

> On Mon, 2009-04-13 at 10:48 -0400, Sam Hartman wrote:
>> I'd like to add an option to kinit to set the name of the FAST ccache.
> This option is specifically for using a pre-existing ccache as a ticket
> armor, right?  If, in the future, we are doing anonymous pkinit to
> derive the armor ticket, then kinit will presumably create its own
> credentials to use for that; if we are doing some future EKE-like armor,
> then we won't use a separate credentials cache at all.
> Here's the current getopt string in MIT krb5's kinit:
>   "r:fpFP54aAVl:s:c:kt:RS:vX:CE"

This is why I like keeping my getopt strings sorted:


Heimdal also uses at least -9 (--524convert) and -e (--enctypes).
Newer versions may also use others; the one I looked at was pretty old.

-- Jeff

More information about the krbdev mailing list