How to use klist to show kerberos principal instance URL?
When I type klist, it only shows the primary username and realm:
> klist -a
Ticket cache: FILE:...
Default principal: [email protected]
Valid starting Expires Service principal
04/30/2017 21:03:00 05/01/2017 07:03:00 primary/[email protected]
renew until 05/07/2017 21:02:56
Addresses: (none)
The default principal doesn't have instance name included.
How to show it in klist? Or is it missing in my system?
Thanks a lot!
Solution 1:
An instance principal is just another principal. I the credential cache was using one, it would be obvious. As it's not, it is reasonable to assume that the system was no configured to use on is this particular case. Also note that is it unusual for user principals to have instances, while it is common for server principals.
Below are credential caches for a user and for an sssd
process.
$ klist
Ticket cache: FILE:/tmp/krb5cc_1234_WAE7Uw
Default principal: [email protected]
Valid starting Expires Service principal
05/02/2017 09:35:03 05/02/2017 21:35:03 krbtgt/[email protected]
renew until 05/03/2017 09:35:03
05/02/2017 09:54:53 05/02/2017 21:35:03 ldap/ldap2.example.com@
renew until 05/03/2017 09:35:03
05/02/2017 09:54:53 05/02/2017 21:35:03 ldap/[email protected]
renew until 05/03/2017 09:35:03
05/02/2017 09:55:04 05/02/2017 21:35:03 ldap/ldap1.example.com@
renew until 05/03/2017 09:35:03
05/02/2017 09:55:04 05/02/2017 21:35:03 ldap/[email protected]
renew until 05/03/2017 09:35:03
$ sudo klist -c /tmp/krb5ccmachine_EXAMPLE.COM
icket cache: FILE:/tmp/krb5ccmachine_EXAMPLE.COM
Default principal: host/[email protected]
Valid starting Expires Service principal
05/02/2017 01:37:44 05/02/2017 13:37:44 krbtgt/[email protected]
05/02/2017 01:37:44 05/02/2017 13:37:44 nfs/nfs1.example.com@
05/02/2017 01:37:44 05/02/2017 13:37:44 nfs/[email protected]