Provided by: krb5-user_1.17-6ubuntu4.11_amd64 bug

NAME
       kvno - print key version numbers of Kerberos principals


SYNOPSIS
       kvno [-c ccache] [-e etype] [-q] [-h] [-P] [-S sname] [-U for_user] [--u2u ccache] service1 service2 ...


DESCRIPTION
       kvno  acquires  a  service  ticket  for  the specified Kerberos principals and prints out the key version
       numbers of each.


OPTIONS
       -c ccache
              Specifies the name of a credentials cache to use (if not the default)

       -e etype
              Specifies the enctype which will be requested for the session key of all the services named on the
              command line.  This is useful in certain backward compatibility situations.

       -q     Suppress printing output when successful.  If a  service  ticket  cannot  be  obtained,  an  error
              message will still be printed and kvno will exit with nonzero status.

       -h     Prints a usage statement and exits.

       -P     Specifies  that  the  service1  service2  ...   arguments  are to be treated as services for which
              credentials should be acquired using constrained delegation.  This option is only valid when  used
              in conjunction with protocol transition.

       -S sname
              Specifies  that  the service1 service2 ... arguments are interpreted as hostnames, and the service
              principals are to be constructed from those hostnames and the service  name  sname.   The  service
              hostnames will be canonicalized according to the usual rules for constructing service principals.

       -U for_user
              Specifies  that  protocol  transition  (S4U2Self)  is  to be used to acquire a ticket on behalf of
              for_user.  If constrained delegation is not requested, the service name must match the credentials
              cache client principal.

       --u2u ccache
              Requests a user-to-user ticket.  ccache  must  contain  a  local  krbtgt  ticket  for  the  server
              principal.   The  reported  version  number  will  typically  be 0, as the resulting ticket is not
              encrypted in the server's long-term key.


ENVIRONMENT
       See kerberos(7) for a description of Kerberos environment variables.


FILES
       FILE:/tmp/krb5cc_%{uid}
              Default location of the credentials cache


SEE ALSO
       kinit(1), kdestroy(1), kerberos(7)


AUTHOR
       MIT


COPYRIGHT
       1985-2019, MIT

1.17                                                                                                     KVNO(1)