Use correct default principal for kadmin -n

Use WELLKNOWN/ANONYMOUS@realm as the default principal for kadmin -n,
just like we do for kinit -n.

ticket: 7741 (new)
target_version: 1.12
tags: pullup

1 files changed, 14 insertions, 6 deletions

diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index b2b464b058..f5ca8adf30 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -397,18 +397,26 @@ kadmin_startup(int argc, char *argv[])
     }
 
     /*
-     * If no principal name is specified: If a ccache was specified
-     * and its primary principal name can be read, it is used, else if
-     * a keytab was specified, the principal name is host/hostname,
-     * otherwise append "/admin" to the primary name of the default
-     * ccache, $USER, or pw_name.
+     * If no principal name is specified: If authenticating anonymously, use
+     * the anonymouse principal for the local realm, else if a ccache was
+     * specified and its primary principal name can be read, it is used, else
+     * if a keytab was specified, the principal name is host/hostname,
+     * otherwise append "/admin" to the primary name of the default ccache,
+     * $USER, or pw_name.
      *
      * Gee, 100+ lines to figure out the client principal name.  This
      * should be compressed...
      */
 
     if (princstr == NULL) {
-        if (ccache_name != NULL &&
+        if (use_anonymous) {
+            if (asprintf(&princstr, "%s/%s@%s", KRB5_WELLKNOWN_NAMESTR,
+                         KRB5_ANONYMOUS_PRINCSTR, def_realm) < 0) {
+                fprintf(stderr, _("%s: out of memory\n"), whoami);
+                exit(1);
+            }
+            freeprinc++;
+        } else if (ccache_name != NULL &&
             !krb5_cc_get_principal(context, cc, &princ)) {
             retval = krb5_unparse_name(context, princ, &princstr);
             if (retval) {