klist —
list Kerberos credentials
  
    | klist | [ -ccache |--cache=cache]
      [-s|-t|--test]
      [-T|--tokens]
      [-5|--v5]
      [-v|--verbose]
      [-l|--list-caches]
      [-f]
      [--version]
      [--help] | 
klist reads and displays the current tickets in the
  credential cache (also known as the ticket file).
Options supported:
  - -ccache,- -- -cache=cache
- credential cache to list
- -s,- -t,- -- -test
- Test for there being an active and valid TGT for the local realm of the
      user in the credential cache.
- -T,- -- -tokens
- display AFS tokens
- -5,- -- -v5
- display v5 cred cache (this is the default)
- -f
- Include ticket flags in short form, each character stands for a specific
      flag, as follows:
    
    
      - F
- forwardable
- f
- forwarded
- P
- proxiable
- p
- proxied
- D
- postdate-able
- d
- postdated
- R
- renewable
- I
- initial
- i
- invalid
- A
- pre-authenticated
- H
- hardware authenticated
 
 This information is also output with the
        --verboseoption, but
        in a more verbose way.
 
- -v,- -- -verbose
- Verbose output. Include all possible information:
    
    
      - Server
- the principal the ticket is for
- Ticket etype
- the encryption type used in the ticket, followed by the key version of
          the ticket, if it is available
- Session key
- the encryption type of the session key, if it's different from the
          encryption type of the ticket
- Auth time
- the time the authentication exchange took place
- Start time
- the time that this ticket is valid from (only printed if it's
          different from the auth time)
- End time
- when the ticket expires, if it has already expired this is also
        noted
- Renew till
- the maximum possible end time of any ticket derived from this one
- Ticket flags
- the flags set on the ticket
- Addresses
- the set of addresses from which this ticket is valid
 
 
- -l,- -- -list-caches
- List the credential caches for the current users, not all cache types
      supports listing multiple caches.