14.17.1 ProblemYou want to view and possibly purge your Kerberos tickets. 14.17.2 SolutionBoth the kerbtray and klist utilities can be found in the Resource Kit. 14.17.2.1 Using a graphical user interface
14.17.2.2 Using a command-line interfaceRun the following command to list your current tickets: > klist tickets Run the following command to purge your tickets: > klist purge 14.17.3 DiscussionActive Directory uses Kerberos as its preferred network authentication system. When you authenticate to a Kerberos Key Distribution Center (KDC), which in Active Directory terms is a domain controller, you are issued one or more tickets. These tickets identify you as a certain principal in Active Directory and can be used to authenticate you to other Kerberized services. This type of ticket is known as a ticket-granting-ticket, or TGT. Once you've obtained a TGT, the client can pass that to a Kerberized service and if the service accepts the ticket, it will issue a service ticket that represents the client for the particular service. Kerberos is a fairly complicated system that cannot be done justice in a single paragraph. If you want more information on tickets and how the Kerberos authentication system works, see Kerberos:TheDefinitive Guide (O'Reilly). 14.17.4 See AlsoRFC 1510 (The Kerberos Network Authentication Service V5), and MS KB 232179 (Kerberos Administration in Windows 2000) |