[27256] in CVS-changelog-for-Kerberos-V5
krb5 commit: Make kinit smarter about using keytabs
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Fri Nov 16 12:15:31 2012
Date: Fri, 16 Nov 2012 12:15:12 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
Message-Id: <201211161715.qAGHFCNU031302@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/cfd85f4130e015bf823a745438e87641f9ead49e
commit cfd85f4130e015bf823a745438e87641f9ead49e
Author: Ben Kaduk <kaduk@mit.edu>
Date: Thu Sep 27 12:46:26 2012 -0400
Make kinit smarter about using keytabs
Previously, we would happily accept -i or -t name and do nothing
with it, if -k was not given. If the user is passing -i or -t, they
clearly want to use a keytab, so do so (but print a warning).
While here, enforce that only one of -t and -i is given.
ticket: 7218
tags: pullup
target_version: 1.11
src/clients/kinit/kinit.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index ac204c1..71a2fec 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -434,6 +434,17 @@ parse_options(argc, argv, opts)
fprintf(stderr, _("Only one of -a and -A allowed\n"));
errflg++;
}
+ if (opts->keytab_name != NULL && opts->use_client_keytab == 1)
+ {
+ fprintf(stderr, _("Only one of -t and -i allowed\n"));
+ errflg++;
+ }
+ if ((opts->keytab_name != NULL || opts->use_client_keytab == 1) &&
+ opts->action != INIT_KT)
+ {
+ opts->action = INIT_KT;
+ fprintf(stderr, _("keytab specified, forcing -k\n"));
+ }
if (argc - optind > 1) {
fprintf(stderr, _("Extra arguments (starting with \"%s\").\n"),
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5