To use Kerberos authentication, the application user must obtain a Kerberos Ticket Granting Ticket (TGT) from the Kerberos server. The Kerberos server verifies the identity of the user and controls access to services using the credentials contained in the TGT.

If the application uses Kerberos authentication from a Windows client, the application user does not need to explicitly obtain a TGT. Windows Active Directory automatically obtains a TGT for the user.

If the application uses Kerberos authentication from a UNIX or Linux client and the kinit method of obtaining the TGT has not been automated, the application user must log on to the Kerberos server using the kinit command. For example, the following command requests a TGT from the server with a lifetime of 10 hours that is renewable for 5 days.

kinit -l 10h -r 5d user

If the application uses Kerberos authentication from a UNIX or Linux client and the kinit method of obtaining the TGT has been automated, the application user does not need to explicitly obtain a TGT. Typically, in this scenario, a TGT is obtained programmatically at logon.

Note: The klist command can be used on Windows or UNIX/Linux systems to verify that the TGT has been obtained.

Refer to your Kerberos documentation for more information about using the kinit command and obtaining TGTs for users.
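
The check-then-acquire flow described above, as an added example that is not part of the original documentation. It assumes the MIT Kerberos client tools (klist -s, kinit -R, kinit -k -t); ensure_tgt, TGT_ACTION and the optional keytab argument are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example. Assumes MIT Kerberos client tools; ensure_tgt and its
# arguments are hypothetical names, not part of any product.

# ensure_tgt PRINCIPAL [KEYTAB]
# Leaves a usable TGT in the credential cache and returns 0, or returns 1.
# TGT_ACTION reports what happened: cached | renewed | acquired | failed.
ensure_tgt() {
    principal=$1
    keytab=${2:-}
    TGT_ACTION=failed

    # klist -s is silent; exit status 0 means the cache is readable and unexpired.
    if klist -s; then
        # Extend the ticket inside its renewable window; a refusal is not
        # fatal because the current ticket is still valid.
        if kinit -R 2>/dev/null; then TGT_ACTION=renewed; else TGT_ACTION=cached; fi
        return 0
    fi

    if [ -n "$keytab" ]; then
        # Automated path: a keytab is a stored long-term key, so refuse one
        # that is not a regular file or that group or other can access.
        case $(ls -ld "$keytab" 2>/dev/null) in
            -???------*) ;;
            *) echo "ensure_tgt: $keytab missing or not owner-only" >&2; return 1 ;;
        esac
        kinit -k -t "$keytab" -l 10h -r 5d "$principal" || return 1
    else
        # Interactive path: kinit prompts for the password itself, so the
        # password never appears in arguments or shell history.
        kinit -l 10h -r 5d "$principal" || return 1
    fi

    # Confirm the new ticket actually landed in the cache.
    klist -s || return 1
    TGT_ACTION=acquired
}
```

Call ensure_tgt user before starting the application; with a second argument it uses that keytab instead of prompting.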