author | Sam Hartman <hartmans@mit.edu> | 2010-09-15 17:13:41 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2010-09-15 17:13:41 +0000 |
commit | d100b4410ab933e21b4f3390f1b2f27d4e872442 (patch) | |
tree | bdec7d4a785c027a6991f2639e13748d3bf57dc5 /src/clients/kinit/kinit.M | |
parent | 41f6fee5e77e49732ae7c71808204aeb77aa1013 (diff) | |
kinit: add KDB keytab support
This implements
http://k5wiki.kerberos.org/Projects/What_does_God_need_with_a_password.
If the KDB keytab is selected by command line options, then kinit will
register the KDB keytab and open the database. This permits an
administrator to obtain tickets as a user without knowing that user's
password.
As a result kinit links against libkadm5srv and libkdb5. Discussion is
ongoing about whether this is desirable or about whether two versions
of kinit are required.
ticket: 6779
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24316 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients/kinit/kinit.M')
-rw-r--r-- | src/clients/kinit/kinit.M | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index 1d434c0fbd..80af95bbd1 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -131,13 +131,17 @@ ticket cannot be renewed, even if the ticket is still within its renewable life. .TP \fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP] -requests a host ticket, obtained from a key in the local host's +requests a ticket, obtained from a key in the local host's .I keytab file. The name and location of the keytab file may be specified with the .B \-t .I keytab_file -option; otherwise the default name and location will be used. +option; otherwise the default name and location will be used. By default a host ticket is requested but any principal may be specified. On a KDC, the special keytab location +.B KDB: +can be used to indicate that kinit should open the KDC database and +look up the key directly. This permits an administrator to obtain +tickets as any principal that supports password-based authentication. .TP \fB-n\fP Requests anonymous processing. Two types of anonymous principals are |
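Review bot: The new text under `.B KDB:` says an administrator can obtain tickets as any principal, but it does not state what access kinit needs for that. Consider adding a sentence that the invoking user must be able to open and read the KDC database, so readers understand that this capability is gated by local access on the KDC host and not by any Kerberos credential. A short usage line showing `-k -t KDB:` together with a principal name would also help, since the synopsis still calls the argument `keytab_file` and `KDB:` is not a file. As a style point, the added line beginning "option; otherwise the default name and location will be used. By default a host ticket is requested..." packs three sentences onto one source line while the surrounding text is wrapped; break it at the sentence boundaries to match the rest of the file.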