[krbdev.mit.edu #7962] remote kadmin client doesn't parse "-norandkey"
Tom Yu via RT
rt-comment at krbdev.mit.edu
Mon Jul 7 11:15:46 EDT 2014
It seems that the kadmin (remote) client doesn't parse "-norandkey" at
all, apparently causing option parsing to terminate. kadmin should
probably parse the argument and return an error that it's invalid for
use with remote kadmin. Currently, the option parsing code for
"-norandkey" is conditional on KADMIN_LOCAL.
See IRC log from #kerberos below for an example of user confusion
resulting from this behavior:
07:00 <demifuror> hi guys. when i run "xst -norandkey -k hdfs.keytab
hdfs/node.myhost.com HTTP/node.myhost.com", i get "kadmin: Principal
-norandkey does not exist. kadmin: Principal -k does not exist. kadmin:
Principal hdfs.keytab does not exist." are these warnings or errors?
after that, i get a bunch of lines like "Entry for principal
hdfs/node.myhost.com with kvno 5, encryption type
aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab."
07:25 <demifuror> okay, so, it's because im using kadmin instead of
kadmin.local...just gonna leave them out, hopefully it doesnt break
anything
More information about the krb5-bugs
mailing list