MIT Kerberos displays your tickets in the main window. The tickets (if any) are organized by the principal who owns them. To the right of the principal are columns with information about the tickets.
Use the table below to jump to a column description, or scroll down to view all available columns.
Learn about... |
---|
Column | Description |
---|---|
Principal | The identity that has obtained the ticket. This is your user name (e.g., Jsmith) plus the Kerberos realm (or Windows domain) you belong to (e.g., @SERVER.MEGACORP.COM). If like many users you have only one Kerberos name and belong to only one realm, you will have only one principal.
The principal that is currently the default principal appears in bold. About: Default Principals
The information displayed in the columns to the right of the principal
applies only to the principal's initial Ticket Granting Ticket (TGT).
Click the arrow in front of the principal name to expand the view.
The expanded view shows all of the tickets and session keys issued to
the principal. The TGT is listed with a prefix of krbtgt. Any other tickets and session keys were automatically issued when you accessed a service through Kerberos. About: Kerberos Terminology (Tickets) |
Issued | The date and time the ticket was originally obtained. |
Renewable Until | The date and time marking the end of each ticket's renewable lifetime. If the column is wide enough you will also see the number of days and hours remaining in the ticket's renewable lifetime. After this time, you cannot renew the ticket and must instead get a new one. If this column shows Not Renewable, the ticket was not flagged as renewable when you obtained it. Related Help: |
Valid Until | The date and time the ticket will expire and can no longer be used or renewed. If the column is wide enough
you will also see the number of hours and minutes remaining before the
ticket expires. Kerberos alerts you to expiring tickets with a warning
in a pop up window.
To add an audible warning, open the Options tab and select Expiration Alarm in the Ticket Options panel. How to: Use Ticket Options Panel |
Encryption Type | Shows what type of encryption was used to encode the session key and the ticket.
Kerberos supports multiple types of encryption. The type used for a
particular ticket or session key is automatically negotiated when you
request a ticket or a service. About: Encryption Types |
Flags | Shows how the tickets were flagged (renewable and/or fowardable) when you obtained them. You cannot change how an existing flag is set. If you need a ticket with different flags, you must get a new ticket. Forwardable and Proxiable tickets can be forwarded to the remote host when you connect via telnet, ssh, ftp, rlogin, or similar applications. Renewable tickets can be renewed until the time and day shown in the Renewable Until column. Each time a ticket is renewed, its lifetime is extended by the length of the original ticket. |