[ Team LiB ] |
Recipe 14.17 Viewing and Purging Your Kerberos Tickets14.17.1 ProblemYou want to view and possibly purge your Kerberos tickets. 14.17.2 SolutionBoth the kerbtray and klist utilities can be found in the Resource Kit. 14.17.2.1 Using a graphical user interface
14.17.2.2 Using a command-line interfaceRun the following command to list your current tickets: > klist tickets Run the following command to purge your tickets: > klist purge 14.17.3 DiscussionActive Directory uses Kerberos as its preferred network authentication system. When you authenticate to a Kerberos Key Distribution Center (KDC), which in Active Directory terms is a domain controller, you are issued one or more tickets. These tickets identify you as a certain principal in Active Directory and can be used to authenticate you to other Kerberized services. This type of ticket is known as a ticket-granting-ticket, or TGT. Once you've obtained a TGT, the client can pass that to a Kerberized service and if the service accepts the ticket, it will issue a service ticket that represents the client for the particular service. Kerberos is a fairly complicated system that cannot be done justice in a single paragraph. If you want more information on tickets and how the Kerberos authentication system works, see Kerberos:TheDefinitive Guide (O'Reilly). 14.17.4 See AlsoRFC 1510 (The Kerberos Network Authentication Service V5), and MS KB 232179 (Kerberos Administration in Windows 2000) |
[ Team LiB ] |