Linux Commands

How To Check the Kerberos Version in Linux

Kerberos authentication protocol, invented and developed by MIT, remains one of the most used authentication protocols by institutions and organizations worldwide. And like most authentication protocols, the Kerberos protocol continues to undergo notable developments. It is currently on version 5.It is logical to check and know the version in your Linux to understand this authentication protocol. Of course, this article will focus more on Kerberos 4 and Kerberos 5 since MIT’s first three versions were primarily used internally.

Version 5 was the first version that achieved use beyond MIT for administrative purposes. While many users found it helpful, it had a few shortfalls. Thus, version 5 of this authenticating tool addressed most issues raised by those who used version 4. Also, version 5 is useful in more environments and situations than version 4.

This article will highlight several differences between Kerberos 5 (KBR5) and Kerberos 4. This article will also provide a step-by-step guide on checking the Kerberos Linux on your Linux.

Differences Between Version 4 and Version 5

The following table provides some notable differences between the Kerberos version 4 and Kerberos version 5:

Kerberos Version 4 Kerberos Version 5
Launched in the late 1980s Launched in 1993
Provides ticket support It provides ticket support and additional functions to renew, forward, and post-date tickets
Works on the principle that the receiver will always make the right encoding system Utilizes the ASN.1 encoding system
Encrypts using Data Encryption Standard It can use any encryption method since the cipher text always has an encryption identifier
It specifies ticket lifetimes in units for each lifetime of 5 mins You can enjoy the freedom of arbitrary time when specifying ticket lifetimes

Step by Step Guide on How To Check the Kerberos Version in Your Linux

Of course, you should always know the version of your Kerberos before you consider configuring your Linux for authentication. The following steps will come in handy;

Step1: Check if Your Linux Machine Has a Kerberos Installation

Notably, you will only check your Kerberos version if you do not have Kerberos on your Linux. Thus, the first step will be to check if you have Kerberos installed on your computer. The following command should come in handy:

Step 2: Use the Kinit Tool To Create Yourself a Ticket

The Kinit tool comes in handy in obtaining and caching Kerberos tickets. So, it would be appropriate to use the tool to create a ticket. Without Kerberos tickets, authenticating or getting the details of your Kerberos can be a nightmare. The syntax for the Kinit command is [-V] [-l lifetime] [-s] [-r] [-p | -P] [-f or -F] [-a] / [-A] [-C] [-E] [-v] [-R] [-k [-t] [-c cache_name] [-n] [-S] [-T armor_ccache] [-X [=value]] [principal]

A ticket with a lifetime of 5 days and 10 hours for user KenHint will often look like this:

Step 3: Use the Klist Tool To Check Your Credentials

Once you create a ticket, you can view the credentials using the Klist tool. The Klist command is another widely used Kerberos Linux command. Its synopsis is klist [-e] [[-c] [-l] [-A] [-f] [-s] [-a [-n]]] [-k [-t] [-K]] [cache_name | keytab_name]

Usually, your credentials will always look like this:

Step 4: Check the Kerberos Packages Installed

You need to know all the packages installed in your Linux Kerberos. Indeed, your list of packages will always have details similar to the ones on the following screenshot. Note that your realm and user names will always change to reflect your actual details.

Step 5: Check Your Kerberos Version

Finally, it is time to determine the version of Kerberos installed in your Linux machine. The following command will help you check the correct Kerberos version in your Linux:


With this article’s information, I believe you can determine the Kerberos version on your Linux. This plays a significant role in using Kerberos correctly since each version has a different functional level. Still, it is vital to note that you should continue using Version 5 as it is the most developed and offers an array of capabilities.

About the author

Kennedy Brian

Brian is a computer scientist with a bias for software development, programming, and technical content development. He has been in the profession since 2015. He reads novels, jogs, or plays table tennis whenever not on gadgets. He is an expert in Python, SQL, Java, and data and network security.