klist

List cached Kerberos tickets. List the Kerberos principal and Kerberos tickets held in a credentials cache (also known as the ticket file).

Syntax
      klist [-c cache | --cache=cache] [-s | -t | --test] [-T | --tokens] [-5 | --v5]
         [-v | --verbose] [-l | --list-caches] [-f] [--version] [--help]

Key
   -c cache, --cache=cache
             Credential cache to list.

   -s, -t, --test
             Test for there being an active and valid TGT for the local realm of the user
             in the credential cache.

   -T, --tokens
             Display AFS tokens.

   -5, --v5
             Display v5 cred cache (this is the default).

   -f      Include ticket flags in short form, each character stands for a specific flag, as follows:
                   F    forwardable
                   f    forwarded
                   P    proxiable
                   p    proxied
                   D    postdate-able
                   d    postdated
                   R    renewable
                   I    initial
                   i    invalid
                   A    pre-authenticated
                   H    hardware authenticated

             This information is also output with the --verbose option, but in a more verbose way.

   -v, --verbose
             Verbose output. Include all possible information:
                   Server         The principal the ticket is for
                   Ticket etype   The encryption type used in the ticket, followed by the key version
                                  of the ticket, if available.
                   Session key    The encryption type of the session key, if it’s different from the
                                  encryption type of the ticket.
                   Auth time      The time the authentication exchange took place.
                   Start time     The time that this ticket is valid from (only printed if it’s different
                                  from the auth time).
                   End time       When the ticket expires, if it has already expired this is also noted.
                   Renew till     The maximum possible end time of any ticket derived from this one.
                   Ticket flags   The flags set on the ticket.
                   Addresses      The set of addresses from which this ticket is valid.

     -l, --list-caches
             List the credential caches for the current users, not all cache types supports listing
             multiple caches.

Examples

Query the Kerberos v5 ticket cache to determine if any tickets are present:

C:\> klist

List the credential caches for the current users:

C:\> klist -l

“Find out who you are and do it on purpose” ~ Dolly Parton

Related macOS commands

Local man page: klist - Command line help page on your local machine.
kdestroy(1)
kinit(1)
man krb5.conf - Configuration file for Kerberos 5 (connect to Active Directory/SMB shares)
Equivalent Windows command: klist - List cached Kerberos tickets.

 
Copyright © 1999-2025 windevcluster.com
Some rights reserved