kerberos Cheat Sheet

Linux CLI

klist                            # Print ticket cache   
klist -kte <keytab>              # Get principal name from ktab

kinit -kt  <keytab>              # Get a kerberos ticket
kinit -p                         # Request proxiable ticket
kinit -R                         # Renew proxiable ticket

KRB5_TRACE=/dev/stdout kinit [...]      # Detailed trace of ticket requesting

setspn -F -Q */<fqdn>            # Verify if registration was on correct account

Check DNS resolving

dig +short SRV _kerberos._tcp.<fqdn>

CLI Windows

klist get <SPN>
klist purge                      # Purge cache (log off)
klist sessions                   # logonIDs for sessions
klist kcd_cache                  # Check constraint delegation

klist query-bind                 # Show binding to KDC
klist add-bind <name> <fqdn>
klist purge-bind

KDC CLI

See http://www.openkb.info/2014/06/kerberos-cheatsheet.html

kerberos Cheat Sheet Edit Cheat Sheet

Linux CLI

CLI Windows

KDC CLI

kerberos Cheat Sheet