[krbdev.mit.edu #8535] kinit from keytab fails when principal contains a backslash
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Fri Jan 6 16:27:12 EST 2017
In step three, the shell eats one of the backslash characters before
kinit sees it, so kinit parses the principal name
"anand\slash at DOMAIN". "\s" is parsed as just "s" (since it is not one
of the special sequences "\n", "\t", "\b", or "\0" which map to
newline, tab, bell, and nul), so the result of parsing is the same as
just "anandslash at DOMAIN".
If you put single quotes around the principal name in the shell line
like this:
kinit -k -t /tmp/slash.keytab -p 'anand\\slash at DOMAIN'
then it should work, or does in my tests just now.
(Incidentally, the -p flag requests proxiable tickets, which is not
common usage. You don't need to specify any particular option just to
give a principal name on the command line.)
More information about the krb5-bugs
mailing list