Open Source Kerberos Tooling
Overview
Source
KNC
Kharon
krb5_admin
krb5_keytab
k5ping
lnetd
prefork
KRB5_PRESTASH(1)
KRB5_PRESTASH(1) General Commands Manual KRB5_PRESTASH(1)

NAME

krb5_prestashmanage/fetch prestashed tickets

SYNOPSIS

krb5_prestash [-EMlv] [-h hostspec] [-r REALM] command arg [arg ...]

DESCRIPTION

krb5_prestash is used to add, remove, query and fetch prestashed tickets.

The options are as follows:

-E
expand hosts accoring to site-specific rules.
-M
connect to the master KDC.
-h hostspec
connect to hostspec instead of searching for KDCs using the usual method. A hostspec has a format of [service@]hostname[:port].
-r REALM
connect to one of the KDCs for realm REALM.
-l
operate on the local Kerberos DB.
-v
make the output a bit more verbose.

The commands are:

fetch REALM [REALM ...]
will fetch all of the configured prestashed tickets for the current host and install them in /var/spool/tickets. This command must be run as root as it must change the ownership of the installed credentials caches to the appropriate users.
insert principal host [host ...]
will prestash tickets for the principal principal on the provided list of hosts.
refresh principal host [host ...]
will push fresh tickets for the principal principal to the provided list of hosts or the current host by default. All provided hosts (or the default) must already be configured as prestash hosts for the principal.
query principal principal
will output the hosts on which principal's tickets have been prestashed. The default output of this command is a newline separated list of hostnames. If -E is specified, the hosts will be ``expanded'' before they are listed. If -v is specified, a table will be output displaying both the configured host and the expanded target. See Host Expansion, below.
query host host
will output the list of principal's whose tickets are are prestashed on host. The default output of this command is a newline separated list of Kerberos principals. If -E is specified, the hosts will be ``expanded'' before the query is made. If -v is specified, a table will be output displaying both the configured host and the expanded target. See Host Expansion, below.
remove principal host [host ...]
will remove prestashed tickets for the principal principal on the provided list of hosts.

Host Expansion

Each site may provide a host expansion mechanism which allows for host aliases to be used in krb5_prestash. In this case, the flags -E and -v will cause queries to use host expansion.
February 3, 2012 NetBSD 6.1.4