Kerberos List Main Topic | Next
klist [-?] [tickets | tgt | purge]
Where:
Option | Description |
---|---|
Server | Server and domain for the ticket. |
KerbTicket Encryption Type | Encryption type used to encrypt the Kerberos ticket. |
End Time | Time the ticket becomes no longer valid. Once a ticket is past this time, it can no longer be used to authenticate to a service. |
Renew Time | If the ticket is a renewable ticket (see TicketFlags below), then this is the maximum lifetime of the ticket. In order to continue using this ticket it must be renewed before the End Time. It can be renewed as long at it is before the End Time and is before the RenewUntil time. |
Option | Description |
---|---|
ServiceName | A TGT (ticket-granting-ticket) is a ticket for the KDC service. The service name for a TGT is "krbtgt". |
TargetName | Service name the ticket was requested for. This is the name of a servicePrincipalName property on an account in the directory. |
FullServiceName | Canonical name of the account principal for the service. |
DomainName | The domain name of the service. |
TargetDomainName | For a cross realm ticket, this is the realm in which the ticket is good instead of the issuing realm. |
AltTargetDomainName | The name supplied to InitializeSecurityContext that generated this ticket, usually an SPN. |
TicketFlags | Kerberos ticket flags set on the current ticket in hexadecimal. The KerbTray tool displays these flags visually in the Flags tab. |
KeyExpirationTime | The key expiration time from the KDC reply. |
Start time | Time the ticket becomes valid. |
End Time | Time the ticket becomes no longer valid. Once a ticket is past this time, it can no longer be used to authenticate to a service. |
RenewUntil | If the ticket is a renewable ticket (see TicketFlags), then this is the maximum lifetime of the ticket. In order to continue using a ticket it must be renewed. Tickets must be renewed before both the End Time and RenewUntil times expire. |
TimeSkew | The reported time difference between the client computer and the server computer for a ticket. |