| author | Sam Hartman <hartmans@mit.edu> | 2009-12-28 17:15:30 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-12-28 17:15:30 +0000 |
| commit | ec49e6e673ab229462ef18aa2986167eaa643643 (patch) | |
| tree | 625dba55e939a0073cf69f7b79c8c0010df991eb /src/kadmin | |
| parent | c5479d0c5b29430a49cf3683513c1223a173ac4e (diff) | |
Anonymous support for Kerberos
This ticket implements Project/Anonymous pkinit from k5wiki. Provides
support for completely anonymous principals and untested client
support for realm-exposed anonymous authentication.
* Introduce kinit -n
* Introduce kadmin -n
* krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache
* No longer generate ad-initial-verified-cas in pkinit
* Fix pkinit interactions with non-TGT authentication
Merge remote branch 'anonymous' into trunk
Conflicts:
src/lib/krb5/krb/gic_opt.c
ticket: 6607
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin')
| -rw-r--r-- | src/kadmin/cli/kadmin.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index c8cb3fb58..1bcf891ed 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -119,7 +119,7 @@ usage() { fprintf(stderr, "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n" - "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n" + "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n]\n" "\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n" "where,\n\t[-x db_args]* - any number of database specific arguments.\n" "\t\t\tLook at each database documentation for supported arguments\n", @@ -238,7 +238,7 @@ kadmin_startup(int argc, char *argv[]) char *princstr = NULL, *keytab_name = NULL, *query = NULL; char *password = NULL; char *luser, *canon, *cp; - int optchar, freeprinc = 0, use_keytab = 0; + int optchar, freeprinc = 0, use_keytab = 0, use_anonymous = 0; struct passwd *pw; kadm5_ret_t retval; krb5_ccache cc; @@ -270,7 +270,7 @@ kadmin_startup(int argc, char *argv[]) exit(1); } - while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) { + while ((optchar = getopt(argc, argv, "x:r:p:knq:w:d:s:mc:t:e:ON")) != EOF) { switch (optchar) { case 'x': db_args_size++; @@ -296,6 +296,9 @@ kadmin_startup(int argc, char *argv[]) case 'k': use_keytab++; break; + case 'n': + use_anonymous++; + break; case 't': keytab_name = optarg; break; @@ -349,7 +352,9 @@ kadmin_startup(int argc, char *argv[]) } } if ((ccache_name && use_keytab) || - (keytab_name && !use_keytab)) + (keytab_name && !use_keytab) + || (ccache_name && use_anonymous) + || (use_anonymous &&use_keytab)) usage(); if (def_realm == NULL && krb5_get_default_realm(context, &def_realm)) { 
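Review bot: The option check in the `@@ -349,7 +352,9 @@` hunk rejects `-n` together with `-c` or `-k`, but not together with `-w`, so a password given on the command line appears to be accepted and then silently unused once the anonymous branch is taken (assuming `-w` is what sets `password`, which is not visible here). If that combination is not intended, add `|| (password && use_anonymous)` to the condition so it ends in usage() like the other conflicts. The usage string in the first hunk also puts `|[-n]` outside the bracket group holding `-c` and `-k`; `[[-c ccache]|[-k [-t keytab]]|[-n]]` would match what the check enforces. kadmin_startup's body starts and ends outside these hunks.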
@@ -487,6 +492,12 @@ kadmin_startup(int argc, char *argv[]) retval = kadm5_init_with_creds(context, princstr, cc, svcname, ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, db_args, &handle); + } else if ( use_anonymous) { + printf("Authenticating as principal %s with password; anonymous requested.\n", + princstr); + retval = kadm5_init_anonymous(context, princstr, svcname, ¶ms, + KADM5_STRUCT_VERSION, + KADM5_API_VERSION_3, db_args, &handle); } else if (use_keytab) { if (keytab_name) printf("Authenticating as principal %s with keytab %s.\n", |
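Review bot: The message printed in the new `use_anonymous` branch says "with password", although the branch calls kadm5_init_anonymous() and no password is involved, so terminal output or a captured session log would record the wrong authentication method. Something like `printf("Authenticating anonymously; requested principal %s.\n", princstr);` states what actually happens. A short comment above the branch saying how `princstr` is chosen when `-n` is given would also help, since it is computed outside this hunk and it is not clear from here whether it names the anonymous principal or a default derived from the local user. The `if`/`else if` chain begins and ends outside the hunk.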
