Open Source Kerberos Tooling

NAME

k5ping - kerberos server ping utility

SYNOPSIS

k5ping [-459tuv] [-n num] [-p princ] [-P pass] [-S sprinc] kdc [kdc ...]

DESCRIPTION

k5ping tests various operations against each of the KDCs on the command line. By default, k5ping will perform the follow list of actions:

  1. Authenticate to Kerberos 5 via TCP,

  2. Use the resulting credential to request a service ticket for sprinc,

  3. Authenticate to Kerberos 5 via UDP,

  4. Use the resulting credential to request a service ticket for sprinc,

  5. Use the credential from the last Kerberos 5 AS_REQ to request a Kerberos IV ticket for sprinc, via the krb524 service,

  6. Authenticate to Kerberos IV, and use the credential to request a service ticket for sprinc.

By default k5ping will test Kerberos 5 TCP/UDP and Kerberos 524, but not Kerberos IV as its use has been deprecated.

This is useful for quickly verifying the health of a kerberos server, and is suitable for inclusion in shell/perl scripts that check out the sanity of the Kerberos 5 world.

The options are as follows:

-4
Test Kerberos IV.

-5
Test Kerberos 5.

-9
Test krb524.

-n num
Loop over the test num times.

-P pass
The password for the client principal.

-p princ
Client principal.

-S sprinc
The service principal.

-t
Use TCP when testing Kerberos 5.

-u
Use UDP when testing Kerberos 5.

-v
Increment verbose level. May be specified more than once.

SEE ALSO

kinit(1), krb524init(1),and kvno(1).

BUGS

Princ and sprinc must be in the same realm.

If Kerberos IV is used, then temporary files are used in /tmp.