NAME
     kinit - obtain and cache Kerberos ticket-granting ticket

SYNOPSIS
     kinit
          [-l lifetime] [-s start_time] [-v]
          [-p|--proxiable|--noproxiable]
          [-f|--forwardable|--noforwardable] [-k [-t
          keytab_file]] [-r renewable_life] [-R] [-c cache_name]
          [-S service_name] [principal] [--version]

DESCRIPTION
     kinit obtains and caches an initial  ticket-granting  ticket
     for principal.

OPTIONS
     -l lifetime
          requests a ticket  with  the  lifetime  lifetime.   The
          value  for lifetime must be followed immediately by one
          of the following delimiters:

             s  seconds
             m  minutes
             h  hours
             d  days

          as in "kinit -l 90m".  You cannot mix units; a value of
          `3h30m' will result in an error.

          If the -l option is not specified, the  default  ticket
          lifetime (configured by each site) is used.  Specifying
          a ticket lifetime longer than the maximum ticket  life-
          time (configured by each site) results in a ticket with
          the maximum lifetime.

     -s start_time
          requests  a  postdated  ticket,   valid   starting   at
          start_time.   Postdated  tickets  are  issued  with the
          invalid flag set, and need to be fed back  to  the  kdc
          before use.

     -v   requests that the ticket granting ticket in  the  cache
          (with  the  invalid  flag set) be passed to the kdc for
          validation.  If the ticket is within its requested time
          range, the cache is replaced with the validated ticket.

     -p | --proxiable | --noproxiable
          The -p and --proxiable flags request proxiable tickets.
          The   --noproxiable   flag   explicitly  requests  non-
          proxiable tickets, which is useful for  overriding  the
          application defaults in the host's krb5.conf(5) file.

     -f | --forwardable | --noforwardable
          The -f and  --forwardable  flags  requests  forwardable
          tickets.   The --noforwardable flag explicitly requests
          non-forwardable tickets, which is useful for overriding
          the  application  defaults  in  the host's krb5.conf(5)
          file.

     -r renewable_life
          requests renewable tickets, with a  total  lifetime  of
          renewable_life.   The duration is in the same format as
          the -l option, with the same delimiters.

     -R   requests renewal of the ticket-granting  ticket.   Note
          that  an  expired ticket cannot be renewed, even if the
          ticket is still within its renewable life.

     -k [-t keytab_file]
          requests a host ticket, obtained  from  a  key  in  the
          local host's keytab file.  The name and location of the
          keytab file may be specified with  the  -t  keytab_file
          option; otherwise the default name and location will be
          used.

     -c cache_name
          use cache_name as the credentials (ticket)  cache  name
          and  location;  if this option is not used, the default
          cache name and location are used.

          The default credentials cache may vary between systems.
          If  the  KRB5CCNAME  environment  variable  is set, its
          value is used to name the default  ticket  cache.   Any
          existing contents of the cache are destroyed by kinit.

     -S service_name
          specify an alternate service name to use  when  getting
          initial tickets.

     --version
          Prints out the KerbNet release version  of  the  binary
          and then exits.

CONFIGURATION
     Kinit can be configured in the [libdefaults] section of  the
     krb5.conf(5)  file.   Kinit utilizes the forwardable, proxi-
     able, and renew_lifetime flags.  (See  krb5.conf(5)  for  an
     explanation of these flags.)

ENVIRONMENT
     Kinit uses the following environment variable:

     KRB5CCNAME      Location of the credentials (ticket) cache.

FILES
     /tmp/krb5cc_[uid]  default credentials cache ([uid]  is  the
                        decimal UID of the user).

     /etc/v5srvtab      default location  for  the  local  host's
                        keytab file.

     /etc/krb5.conf     file containing local host's Kerberos  V5
                        configuration information

SEE ALSO
     klist(1), kdestroy(1), krb5(3), krb5.conf(5)