diff options
author | Ben Kaduk <kaduk@mit.edu> | 2012-09-27 12:46:26 -0400 |
---|---|---|
committer | Ben Kaduk <kaduk@mit.edu> | 2012-11-16 12:05:36 -0500 |
commit | cfd85f4130e015bf823a745438e87641f9ead49e (patch) | |
tree | 59a91aa635541cac592a9df09354e2c9f6de59db /src/clients | |
parent | 4ef653d4a607c5238242ab8acac7b0541a4f3633 (diff) | |
download | krb5-cfd85f4130e015bf823a745438e87641f9ead49e.tar.gz krb5-cfd85f4130e015bf823a745438e87641f9ead49e.tar.xz krb5-cfd85f4130e015bf823a745438e87641f9ead49e.zip |
Make kinit smarter about using keytabs
Previously, we would happily accept -i or -t name and do nothing
with it, if -k was not given. If the user is passing -i or -t, they
clearly want to use a keytab, so do so (but print a warning).
While here, enforce that only one of -t and -i is given.
ticket: 7218
tags: pullup
target_version: 1.11
Diffstat (limited to 'src/clients')
-rw-r--r-- | src/clients/kinit/kinit.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index ac204c1d07..71a2fec586 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -434,6 +434,17 @@ parse_options(argc, argv, opts) fprintf(stderr, _("Only one of -a and -A allowed\n")); errflg++; } + if (opts->keytab_name != NULL && opts->use_client_keytab == 1) + { + fprintf(stderr, _("Only one of -t and -i allowed\n")); + errflg++; + } + if ((opts->keytab_name != NULL || opts->use_client_keytab == 1) && + opts->action != INIT_KT) + { + opts->action = INIT_KT; + fprintf(stderr, _("keytab specified, forcing -k\n")); + } if (argc - optind > 1) { fprintf(stderr, _("Extra arguments (starting with \"%s\").\n"), |