option letter for kinit fast
Jeffrey Hutzelman
jhutz at cmu.edu
Mon Apr 13 15:48:40 EDT 2009
--On Monday, April 13, 2009 11:30:42 AM -0400 Greg Hudson <ghudson at MIT.EDU>
wrote:
> On Mon, 2009-04-13 at 10:48 -0400, Sam Hartman wrote:
>> I'd like to add an option to kinit to set the name of the FAST ccache.
>
> This option is specifically for using a pre-existing ccache as a ticket
> armor, right? If, in the future, we are doing anonymous pkinit to
> derive the armor ticket, then kinit will presumably create its own
> credentials to use for that; if we are doing some future EKE-like armor,
> then we won't use a separate credentials cache at all.
>
> Here's the current getopt string in MIT krb5's kinit:
>
> "r:fpFP54aAVl:s:c:kt:RS:vX:CE"
This is why I like keeping my getopt strings sorted:
45ACEFPRS:VX:ac:fkl:pr:s:t:v
Heimdal also uses at least -9 (--524convert) and -e (--enctypes).
Newer versions may also use others; the one I looked at was pretty old.
-- Jeff
More information about the krbdev
mailing list