KfW 3.1: Re-directed stderr of kinit/klist displays dialog
Christopher D. Clausen
cclausen at acm.org
Tue Feb 20 19:23:29 EST 2007
petesea at bigfoot.com wrote:
> On Tue, 20 Feb 2007, Jeffrey Altman wrote:
>> petesea at bigfoot.com wrote:
>>
>>> Is there a way to redirect stderr from kinit/klist to a file?
>>
>> stdin and stderr cannot be redirected. they are used for password
>> prompting
>
> Hmmm.... but I'm not trying to redirect the password prompt... in
> fact, kinit won't let me redirect the password prompt, it still
> displays it in the shell (NOT as a Windows dialog):
>
> C:\> kinit 2>err.our
> Password for bozo at CLOWN.COM:
>
> That's fine.... and I'm not suggesting it should work any
> different... for the password prompt that is...
>
> But if I'm using "kinit -kt" or "klist" or "kdestroy"... (none of
> which should prompt for a password or require any keyboard input),
> then I think you should be able to redirect stderr.
>
> Unfortunately, if I try to run any of those commands and I get an
> error AND stderr is re-directed then I get a Windows dialog instead.
>
> C:\> kinit -kt foobar 2>err.out
> (Windows dialog with error, nothing in err.out)
>
> The problem is, if you're running an automated background job using a
> keytab and something's wrong (eg the keytab is missing), it makes it
> VERY difficult to find the problem. You can't redirect stderr
> because that triggers a Windows dialog which could cause the
> background job to hang waiting for user input it's never going to
> get. Or if it doesn't hang, there's no way to log the error to see
> why it failed.
Well, can't you check the exit error codes set by the program?
C:\>kinit -kt test
kinit(v5): Cannot resolve network address for KDC in requested realm
while getting initial credentials
C:\>echo %ERRORLEVEL%
1
C:\>klist
klist: No credentials cache found (ticket cache
API:notguest at AD.UIUC.EDU)
C:\>echo %ERRORLEVEL%
1
C:\>kinit cclausen
Password for cclausen at AD.UIUC.EDU:
C:\>echo %ERRORLEVEL%
0
C:\>klist
Ticket cache: API:notguest at AD.UIUC.EDU
Default principal: cclausen at AD.UIUC.EDU
Valid starting Expires Service principal
02/20/07 18:14:49 02/21/07 04:14:49 krbtgt/AD.UIUC.EDU at AD.UIUC.EDU
C:\>echo %ERRORLEVEL%
0
Also, I can redirect the klist output just fine. What are you doing?
C:\>klist 2>&1 1>%TEMP%\test.txt
C:\>cat %TEMP%\test.txt
Ticket cache: API:notguest at AD.UIUC.EDU
Default principal: cclausen at AD.UIUC.EDU
Valid starting Expires Service principal
02/20/07 18:14:49 02/21/07 04:14:49 krbtgt/AD.UIUC.EDU at AD.UIUC.EDU
C:\>
But yes, I'd agree that dialogs from kinit stderr redirection attempts
are quite odd and unexpected.
<<CDC
More information about the Kerberos
mailing list