[28006] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.12]: Use correct default principal for kadmin -n
daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Oct 30 17:29:29 2013
Date: Wed, 30 Oct 2013 17:29:22 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201310302129.r9ULTM1i008874@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/a3e57d424a37df16fb1d52e23a07763b4abd9c76
commit a3e57d424a37df16fb1d52e23a07763b4abd9c76
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Oct 28 13:33:05 2013 -0400
Use correct default principal for kadmin -n
Use WELLKNOWN/ANONYMOUS@realm as the default principal for kadmin -n,
just like we do for kinit -n.
(cherry picked from commit a30a82abc72c2a1a8d25948fe9cd1af49eaf62ec)
ticket: 7741
version_fixed: 1.12
status: resolved
src/kadmin/cli/kadmin.c | 20 ++++++++++++++------
1 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index b2b464b..f5ca8ad 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -397,18 +397,26 @@ kadmin_startup(int argc, char *argv[])
}
/*
- * If no principal name is specified: If a ccache was specified
- * and its primary principal name can be read, it is used, else if
- * a keytab was specified, the principal name is host/hostname,
- * otherwise append "/admin" to the primary name of the default
- * ccache, $USER, or pw_name.
+ * If no principal name is specified: If authenticating anonymously, use
+ * the anonymouse principal for the local realm, else if a ccache was
+ * specified and its primary principal name can be read, it is used, else
+ * if a keytab was specified, the principal name is host/hostname,
+ * otherwise append "/admin" to the primary name of the default ccache,
+ * $USER, or pw_name.
*
* Gee, 100+ lines to figure out the client principal name. This
* should be compressed...
*/
if (princstr == NULL) {
- if (ccache_name != NULL &&
+ if (use_anonymous) {
+ if (asprintf(&princstr, "%s/%s@%s", KRB5_WELLKNOWN_NAMESTR,
+ KRB5_ANONYMOUS_PRINCSTR, def_realm) < 0) {
+ fprintf(stderr, _("%s: out of memory\n"), whoami);
+ exit(1);
+ }
+ freeprinc++;
+ } else if (ccache_name != NULL &&
!krb5_cc_get_principal(context, cc, &princ)) {
retval = krb5_unparse_name(context, princ, &princstr);
if (retval) {
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
