krb5 commit [krb5-1.11]: Make kinit smarter about using keytabs
Tom Yu
tlyu at MIT.EDU
Fri Nov 16 17:46:34 EST 2012
https://github.com/krb5/krb5/commit/aff7056302e756da95408690cb8a083479af5056
commit aff7056302e756da95408690cb8a083479af5056
Author: Ben Kaduk <kaduk at mit.edu>
Date: Thu Sep 27 12:46:26 2012 -0400
Make kinit smarter about using keytabs
Previously, we would happily accept -i or -t name and do nothing
with it, if -k was not given. If the user is passing -i or -t, they
clearly want to use a keytab, so do so (but print a warning).
While here, enforce that only one of -t and -i is given.
(cherry picked from commit cfd85f4130e015bf823a745438e87641f9ead49e)
ticket: 7218
src/clients/kinit/kinit.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index ac204c1..71a2fec 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -434,6 +434,17 @@ parse_options(argc, argv, opts)
fprintf(stderr, _("Only one of -a and -A allowed\n"));
errflg++;
}
+ if (opts->keytab_name != NULL && opts->use_client_keytab == 1)
+ {
+ fprintf(stderr, _("Only one of -t and -i allowed\n"));
+ errflg++;
+ }
+ if ((opts->keytab_name != NULL || opts->use_client_keytab == 1) &&
+ opts->action != INIT_KT)
+ {
+ opts->action = INIT_KT;
+ fprintf(stderr, _("keytab specified, forcing -k\n"));
+ }
if (argc - optind > 1) {
fprintf(stderr, _("Extra arguments (starting with \"%s\").\n"),
More information about the cvs-krb5
mailing list