diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-10-28 13:33:05 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-10-30 12:31:00 -0400 |
commit | a30a82abc72c2a1a8d25948fe9cd1af49eaf62ec (patch) | |
tree | 3fa379e481c13a5070f0af281ab3c44768aec619 | |
parent | 664f0d779ddc0aaf54a118a98a21ce7d53d81e08 (diff) | |
download | krb5-a30a82abc72c2a1a8d25948fe9cd1af49eaf62ec.tar.gz krb5-a30a82abc72c2a1a8d25948fe9cd1af49eaf62ec.tar.xz krb5-a30a82abc72c2a1a8d25948fe9cd1af49eaf62ec.zip |
Use correct default principal for kadmin -n
Use WELLKNOWN/ANONYMOUS@realm as the default principal for kadmin -n,
just like we do for kinit -n.
ticket: 7741 (new)
target_version: 1.12
tags: pullup
-rw-r--r-- | src/kadmin/cli/kadmin.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index b2b464b058..f5ca8adf30 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -397,18 +397,26 @@ kadmin_startup(int argc, char *argv[]) } /* - * If no principal name is specified: If a ccache was specified - * and its primary principal name can be read, it is used, else if - * a keytab was specified, the principal name is host/hostname, - * otherwise append "/admin" to the primary name of the default - * ccache, $USER, or pw_name. + * If no principal name is specified: If authenticating anonymously, use + * the anonymouse principal for the local realm, else if a ccache was + * specified and its primary principal name can be read, it is used, else + * if a keytab was specified, the principal name is host/hostname, + * otherwise append "/admin" to the primary name of the default ccache, + * $USER, or pw_name. * * Gee, 100+ lines to figure out the client principal name. This * should be compressed... */ if (princstr == NULL) { - if (ccache_name != NULL && + if (use_anonymous) { + if (asprintf(&princstr, "%s/%s@%s", KRB5_WELLKNOWN_NAMESTR, + KRB5_ANONYMOUS_PRINCSTR, def_realm) < 0) { + fprintf(stderr, _("%s: out of memory\n"), whoami); + exit(1); + } + freeprinc++; + } else if (ccache_name != NULL && !krb5_cc_get_principal(context, cc, &princ)) { retval = krb5_unparse_name(context, princ, &princstr); if (retval) { |