Kerberos - kinit


kinit is an utility that permits to obtain and cache Kerberos ticket-granting tickets.

You can then verify that the Kerberos configuration is good and that the authentication is working.

Getting Started

Own username

kinit assumes you want tickets for your own username in your default realm.

Password for [email protected]: 
New ticket is stored in cache file C:\Users\gerard\krb5cc_gerard

Someone else

A friend David is visiting, and he wants to borrow a window to check his mail. David needs to get tickets for himself in his own realm.

kinit [email protected]
Password for [email protected]: 

With a keytab file

Kerberos - KeyTab (Key Table)

kinit -V -k -t /path/To/keyTabFile principal
Authenticated to Kerberos v5

Operating System




>where kinit
C:\Program Files\Java\jdk1.8.0_05\bin\kinit.exe


>kinit -help
Usage: kinit [-A] [-f] [-p] [-c cachename] [[-k [-t keytab_file_name]] [principal] [password]
        available options to Kerberos 5 ticket request:
            -A   do not include addresses
            -f   forwardable
            -p   proxiable
            -c   cache name (i.e., FILE:\d:\myProfiles\mykrb5cache)
            -k   use keytab
            -t   keytab file name
            principal   the principal name (i.e., [email protected] qweadf)
            password   the principal's Kerberos password



KDC has no support for encryption type

Generally the error “KDC has no support for encryption type” has nothing to do with the encryption type itself but with access to the credentials (ie bad domain controller host, …). It's a very misleading error message.

Key table entry not found

“Key table entry not found” means that the client presented a service ticket whose contents don't match anything in the server's keytab file.

In this scenario the most likely reason is that:

  • you didn't regenerate the keytab file after enabling an enctypes.
  • the entry is not in the keytab file

Discover More
Kerberos Ticket Manager Ticket Get
Kerberos - (Ticket|Credentials)

Kerberos credentials, or “tickets” are the credentials in Kerberos. There are only two different types for tickets that the KDC issues. Ticket Granting Ticket (TGT). The first ticket obtained is...
Kerberos - Authentication

in Kerberos The KDC is the service that is responsible for authenticating users when Kerberos is used. See
Kerberos - Windows

Kerberos management on Windows - installation and configuration The following tools obtain, list, and manage Kerberos tickets on Windows: kinit: You use the kinit tool and its options to...
Wna Sso Kerberos Weblogic
OBIEE 11G - SSO Authentication with Windows Native Authentication (WNA)

This article will go through an SSO Authentication with Windows Native Authentication (WNA) and kerberos Weblogic is on a Unix machines A Windows 2000 (or later release) Server domain...

Share this page:
Follow us:
Task Runner