author | Sam Hartman <hartmans@mit.edu> | 2009-04-14 15:05:21 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-04-14 15:05:21 +0000 |
commit | 2e6de997360ecefbe42d58af88f275939c4b5266 (patch) | |
tree | e2aec37b92c2d101277167c6c0034c9776b1337a /src/clients/kinit | |
parent | 14773f87a3119ecf45d5d7945b21b50e0271ef62 (diff) | |
Implement kinit option for FAST armor ccache
Implement the -T option to kinit to specify the FAST armor ccache.
ticket: 6460
Target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22209 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients/kinit')
-rw-r--r-- | src/clients/kinit/kinit.M | 6 | ||||
-rw-r--r-- | src/clients/kinit/kinit.c | 17 |
2 files changed, 19 insertions, 4 deletions
diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index 60336a24ea..05a5ae8902 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -37,7 +37,7 @@ kinit \- obtain and cache Kerberos ticket-granting ticket [\fB\-A\fP] [\fB\-v\fP] [\fB\-R\fP] [\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]] [\fB\-c\fP \fIcache_name\fP] -[\fB\-S\fP \fIservice_name\fP] +[\fB\-S\fP \fIservice_name\fP][\fB\-T\fP \fIarmor_ccache\fP] [\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]] [\fIprincipal\fP] .ad b @@ -130,6 +130,10 @@ the .I keytab_file option; otherwise the default name and location will be used. .TP +\fB\-T\fP \fIarmor_ccache\fP +Specifies the name of a credential cache that already contains a ticket. This ccache +will be used to armor the request Ideally, an attacker should have to attack both the armor ticket and the key of the principal. +.TP \fB\-c\fP \fIcache_name\fP use .I cache_name diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index e2a0f089b3..42896122a5 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -117,6 +117,7 @@ struct k_opts char* service_name; char* keytab_name; char* k5_cache_name; + char *armor_ccache; action_type action; @@ -195,9 +196,10 @@ usage() USAGE_BREAK "[-v] [-R] " "[-k [-t keytab_file]] " - "[-c cachename] " + "[-c cachename] " + USAGE_BREAK + "[-S service_name]""-T ticket_armor_cache" USAGE_BREAK - "[-S service_name]" "[-X <attribute>[=<value>]] [principal]" "\n\n", progname); @@ -278,7 +280,7 @@ parse_options(argc, argv, opts) int errflg = 0; int i; - while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:vX:CE")) + while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:T:RS:vX:CE")) != -1) { switch (i) { case 'V': 
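Review bot: In the usage() hunk the new synopsis entry is written as `"[-S service_name]""-T ticket_armor_cache"`, so the adjacent literals concatenate to `[-S service_name]-T ticket_armor_cache`, with no separating space and without the square brackets that every other optional flag carries. Writing it as `"[-S service_name] [-T armor_ccache]"` would keep the synopsis readable and match the argument name used in kinit.M. usage() continues outside the hunk, so it is worth confirming that any per-option help text it prints further down also gained a `-T` entry.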
@@ -347,6 +349,12 @@ parse_options(argc, argv, opts) opts->keytab_name = optarg; } break; + case 'T': + if (opts->armor_ccache) { + fprintf(stderr, "Only one armor_ccache\n"); + errflg++; + } else opts->armor_ccache = optarg; + break; case 'R': opts->action = RENEW; break; @@ -585,6 +593,9 @@ k5_kinit(opts, k5) } if (opts->no_addresses) krb5_get_init_creds_opt_set_address_list(options, NULL); + if (opts->armor_ccache) + krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache); + if ((opts->action == INIT_KT) && opts->keytab_name) { |
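Review bot: The duplicate-option message in the new `case 'T':` branch, `"Only one armor_ccache\n"`, names the internal field rather than the flag the user typed. The `} else opts->armor_ccache = optarg;` arm is also unbraced and on the same line, while the preceding case visible in the context closes a braced block. Something like `fprintf(stderr, "Only one -T option allowed\n");` with `} else { opts->armor_ccache = optarg; }` would read more consistently. parse_options starts and ends outside the hunk, so the wording of the sibling messages could not be checked from here.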
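Review bot: The return value of `krb5_get_init_creds_opt_set_fast_ccache_name()` is discarded in the k5_kinit hunk, so if the call fails the initial request would presumably be sent without FAST armor even though the user asked for it with -T, and nothing would tell them. Because the armor is a security control, a failure to configure it should stop kinit rather than silently fall back to an unarmored exchange. The call could become `code = krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache);` followed by `if (code) goto cleanup;`. The names `code` and `cleanup` are assumed here and stand for whichever error variable and exit path k5_kinit already has, since its body starts and ends outside the hunk.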