| KLIST(1) | General Commands Manual | KLIST(1) | 
NAME
 klist — list Kerberos credentials
SYNOPSIS
| klist | [-c cache | --cache=cache] [-s | -t | --test] [-T | --tokens] [-5 | --v5] [-v | --verbose] [-l | --list-caches] [-f] [--version] [--help] | 
 
DESCRIPTION
 klist reads and displays the current tickets in the credential cache (also known as the ticket file).
Options supported:
- 
-c cache, --cache=cache
- 
credential cache to list
- 
-s, -t, --test
- 
Test for there being an active and valid TGT for the local realm of the user in the credential cache.
- 
-T, --tokens
- 
display AFS tokens
- 
-5, --v5
- 
display v5 cred cache (this is the default)
- 
-f
- 
Include ticket flags in short form, each character stands for a specific flag, as follows:
- 
F
- 
forwardable
- 
f
- 
forwarded
- 
P
- 
proxiable
- 
p
- 
proxied
- 
D
- 
postdate-able
- 
d
- 
postdated
- 
R
- 
renewable
- 
I
- 
initial
- 
i
- 
invalid
- 
A
- 
pre-authenticated
- 
H
- 
hardware authenticated
 
This information is also output with the --verbose option, but in a more verbose way. 
- 
-v, --verbose
- 
Verbose output. Include all possible information:
- 
Server
- 
the principal the ticket is for
- 
Ticket etype
- 
the encryption type used in the ticket, followed by the key version of the ticket, if it is available
- 
Session key
- 
the encryption type of the session key, if it's different from the encryption type of the ticket
- 
Auth time
- 
the time the authentication exchange took place
- 
Start time
- 
the time that this ticket is valid from (only printed if it's different from the auth time)
- 
End time
- 
when the ticket expires, if it has already expired this is also noted
- 
Renew till
- 
the maximum possible end time of any ticket derived from this one
- 
Ticket flags
- 
the flags set on the ticket
- 
Addresses
- 
the set of addresses from which this ticket is valid
 
- 
-l, --list-caches
- 
List the credential caches for the current users, not all cache types supports listing multiple caches.