kvno − print key version numbers of Kerberos principals
kvno [−c ccache] [−e etype] [−q] [−h] [−P] [−S sname] [−I for_user] [−U for_user] [−F cert_file] [−−u2u ccache] service1 service2 ...
kvno acquires a service ticket for the specified Kerberos principals and prints out the key version numbers of each.
Specifies the name of a credentials cache to use (if not the default)
Specifies the enctype which will be requested for the session key of all the services named on the command line. This is useful in certain backward compatibility situations.
Suppress printing output when successful. If a service ticket cannot be obtained, an error message will still be printed and kvno will exit with nonzero status.
Prints a usage statement and exits.
Specifies that the service1 service2 ... arguments are to be treated as services for which credentials should be acquired using constrained delegation. This option is only valid when used in conjunction with protocol transition.
Specifies that the service1 service2 ... arguments are interpreted as hostnames, and the service principals are to be constructed from those hostnames and the service name sname. The service hostnames will be canonicalized according to the usual rules for constructing service principals.
Specifies that protocol transition (S4U2Self) is to be used to acquire a ticket on behalf of for_user. If constrained delegation is not requested, the service name must match the credentials cache client principal.
Same as −I, but treats for_user as an enterprise name.
Specifies that protocol transition is to be used, identifying the client principal with the X.509 certificate in cert_file. The certificate file must be in PEM format.
Requests a user−to−user ticket. ccache must contain a local krbtgt ticket for the server principal. The reported version number will typically be 0, as the resulting ticket is not encrypted in the server's long−term key.
See kerberos(7) for a description of Kerberos environment variables.
Default location of the credentials cache
kinit(1), kdestroy(1), kerberos(7)