klist

The klist command is one of the most frequently used commands in Linux/Unix-like operating systems. It lists the Kerberos tickets held in a credential cache.

Quick Reference

Command Name: klist

Category: security

Platform: Linux/Unix/macOS

Basic Usage: klist [options] [arguments]

Common Use Cases

    Syntax

    klist [options]

    Options

    Option          Description
    -e              Display encryption types for tickets
    -c cache_name   Use an alternate credentials cache
    -A              Display all credential caches
    -k              List keys in keytab instead of tickets
    -t              Show keytab entry timestamps
    -K              Show keytab entries by key value
    -f              Show ticket flags
    -s              Set exit status based on valid TGT existence (0 if exists, 1 if not)
    -a              Display addresses in tickets
    -n              Show numeric addresses instead of host names
    -v              Verbose output mode
    --version       Display version information
    --help          Display help message

    Examples

    How to Use These Examples

    The examples below show common ways to use the klist command. Try them in your terminal to see the results.

    # Basic Examples
    klist
    Display the current Kerberos tickets.
    klist -v
    Display tickets with verbose information.
    # Advanced Examples
    klist -c /tmp/krb5cc_special
    Display tickets in an alternate credentials cache.
    klist -e
    Show encryption types for tickets.
    klist -A
    Display all credential caches.
    klist -k
    List keys in a keytab instead of tickets.
    klist -k /etc/krb5.keytab
    List keys in a specific keytab file.
    klist -t
    Show the timestamps for tickets.
    klist -f
    Show flags for each ticket.
    klist -s
    Test if a valid TGT exists (returns status code).

    Notes

    klist is a command-line utility for listing and examining Kerberos tickets stored in the credential cache. It's an essential diagnostic and management tool for Kerberos authentication, providing visibility into the authentication state and ticket properties.

    Key features of klist:

    1. Ticket Inspection: klist allows users to view their currently valid Kerberos tickets, including information about ticket validity periods, encryption types, and associated services.
    2. Diagnostic Tool: It serves as a primary troubleshooting tool for Kerberos authentication issues, helping users verify if they have valid tickets and when those tickets will expire.
    3. Keytab Management: With the -k option, klist can list the keys stored in a keytab file, which is useful for administrators managing service authentication configurations.
    4. Multi-cache Support: The command can examine tickets in alternate credential caches or list all available credential caches, accommodating complex authentication scenarios.
    5. Security Auditing: By showing encryption types and ticket flags, klist helps security professionals audit the strength and properties of authentication credentials.
    6. Scriptable Verification: The -s option provides a simple way for scripts to test for the existence of valid credentials, returning appropriate exit codes without producing output.
    7. Detailed Information: Various verbosity options enable users to get exactly the level of detail they need, from basic ticket listings to comprehensive ticket properties.

    Common use cases for klist include:

    - Verifying successful authentication after using kinit
    - Checking ticket expiration times to plan for renewals
    - Troubleshooting access issues with Kerberos-protected services
    - Auditing encryption types for security compliance
    - Reviewing keytab entries to ensure proper service principal configuration
    - Scripted monitoring of Kerberos authentication status
    - Educational demonstration of Kerberos ticket properties

    klist is available on most Unix-like operating systems (Linux, macOS, BSD) with Kerberos implementations such as MIT Kerberos or Heimdal. It's commonly used in enterprise environments, educational institutions, and other organizations that employ Kerberos for centralized authentication services.
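The scriptable verification (-s) and encryption-type auditing (-e) points above, combined in an added example that is not part of the original page: a filter that flags tickets using DES, 3DES or RC4 enctypes, plus a wrapper that checks the live cache. It assumes the MIT Kerberos `klist -e` output layout with numeric dates; the function names and the sample tickets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag tickets that use
# deprecated encryption types, based on `klist -e` output.

# Constructed sample in the MIT Kerberos `klist -e` layout; not real output.
sample_klist_e() {
cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
01/15/2024 09:00:00  01/15/2024 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
01/15/2024 09:05:12  01/15/2024 19:00:00  HTTP/web.example.com@EXAMPLE.COM
    renew until 01/22/2024 09:00:00, Etype (skey, tkt): arcfour-hmac, aes256-cts-hmac-sha1-96
01/15/2024 09:07:40  01/15/2024 19:00:00  host/legacy.example.com@EXAMPLE.COM
    Etype (skey, tkt): des-cbc-crc, des-cbc-crc
EOF
}

# Read `klist -e` text on stdin; print "principal skey tkt" for every ticket
# whose session key or ticket enctype is DES, 3DES or RC4 (arcfour).
weak_etype_tickets() {
    awk '
        # Ticket lines start with a date; the last field is the service principal.
        /^[0-9][0-9]\/[0-9][0-9]\/[0-9]+ / { principal = $NF; next }
        /Etype \(skey, tkt\):/ {
            line = $0
            sub(/.*Etype \(skey, tkt\): */, "", line)   # keep only the two enctypes
            sub(/[ \t]+$/, "", line)                     # drop trailing whitespace
            split(line, e, /, */)
            if (tolower(e[1] " " e[2]) ~ /des|arcfour|rc4/)
                print principal, e[1], e[2]
        }
    '
}

# Audit the live default cache: return 2 without a valid TGT, 1 on weak enctypes.
audit_default_cache() {
    klist -s 2>/dev/null || { echo "no valid TGT" >&2; return 2; }
    weak=$(klist -e | weak_etype_tickets)
    [ -z "$weak" ] && return 0
    printf 'weak enctypes in cache:\n%s\n' "$weak" >&2
    return 1
}

# Demonstration on the constructed sample (no KDC or klist binary needed).
sample_klist_e | weak_etype_tickets
```

On a host with a ticket cache, call `audit_default_cache` from a monitoring job and alert on a non-zero return value.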
