static void
usage()
{
- fprintf(stderr, "Usage: %s [-V] "
- "[-l lifetime] [-s start_time] "
- USAGE_BREAK
- "[-r renewable_life] "
- "[-f | -F | --forwardable | --noforwardable] "
- USAGE_BREAK
- "[-p | -P | --proxiable | --noproxiable] "
- USAGE_BREAK
- "-n "
- "[-a | -A | --addresses | --noaddresses] "
- USAGE_BREAK
- "[--request-pac | --no-request-pac] "
- USAGE_BREAK
- "[-C | --canonicalize] "
- USAGE_BREAK
- "[-E | --enterprise] "
- USAGE_BREAK
- "[-v] [-R] "
- "[-k [-i|-t keytab_file]] "
- "[-c cachename] "
- USAGE_BREAK
- "[-S service_name] [-T ticket_armor_cache]"
- USAGE_BREAK
- "[-X <attribute>[=<value>]] [principal]"
- "\n\n",
- progname);
+ fprintf(stderr,
+ _("Usage: %s [-V] [-l lifetime] [-s start_time] "
+ "[-r renewable_life]\n"
+ "\t[-f | -F] [-p | -P] [-n] [-a | -A] [-C] [-E]\n"
+ "\t[--request-pac | --no-request-pac]\n"
+ "\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n"
+ "\t[-S service_name] [-I input_ccache] [-T ticket_armor_cache]\n"
+ "\t[-X <attribute>[=<value>]] [principal]\n"
+ "\n"), progname);
fprintf(stderr, " options:\n");
fprintf(stderr, _("\t-V verbose\n"));
fprintf(stderr, _("\t-t filename of keytab to use\n"));
fprintf(stderr, _("\t-c Kerberos 5 cache name\n"));
fprintf(stderr, _("\t-S service\n"));
+ fprintf(stderr, _("\t-I input credential cache\n"));
fprintf(stderr, _("\t-T armor credential cache\n"));
fprintf(stderr, _("\t-X <attribute>[=<value>]\n"));
+ fprintf(stderr,
+ _("\t--{,no}-request-pac request KDC include/exclude a PAC\n"));
exit(2);
}
_("when creating default server principal name"));
goto cleanup;
}
- if (k5->me->realm.data[0] == 0) {
- ret = krb5_unparse_name(k5->ctx, k5->me, &k5->name);
- if (ret == 0) {
- com_err(progname, KRB5_ERR_HOST_REALM_UNKNOWN,
- _("(principal %s)"), k5->name);
- } else {
- com_err(progname, KRB5_ERR_HOST_REALM_UNKNOWN,
- _("for local services"));
- }
- goto cleanup;
- }
} else if (k5->out_cc != NULL) {
/* If the output ccache is initialized, use its principal. */
if (krb5_cc_get_principal(k5->ctx, k5->out_cc, &princ) == 0)
krb5_get_init_creds_opt *options = NULL;
krb5_boolean pwprompt = FALSE;
krb5_address **addresses = NULL;
+ krb5_principal cprinc;
+ krb5_ccache mcc = NULL;
int i;
memset(&my_creds, 0, sizeof(my_creds));
}
if (opts->action != INIT_PW && opts->action != INIT_KT) {
- ret = krb5_cc_initialize(k5->ctx, k5->out_cc, opts->canonicalize ?
- my_creds.client : k5->me);
+ cprinc = opts->canonicalize ? my_creds.client : k5->me;
+ ret = krb5_cc_new_unique(k5->ctx, "MEMORY", NULL, &mcc);
+ if (!ret)
+ ret = krb5_cc_initialize(k5->ctx, mcc, cprinc);
if (ret) {
- com_err(progname, ret, _("when initializing cache %s"),
- opts->k5_out_cache_name ? opts->k5_out_cache_name : "");
+ com_err(progname, ret, _("when creating temporary cache"));
goto cleanup;
}
if (opts->verbose)
fprintf(stderr, _("Initialized cache\n"));
- ret = krb5_cc_store_cred(k5->ctx, k5->out_cc, &my_creds);
+ ret = k5_cc_store_primary_cred(k5->ctx, mcc, &my_creds);
if (ret) {
com_err(progname, ret, _("while storing credentials"));
goto cleanup;
}
+ ret = krb5_cc_move(k5->ctx, mcc, k5->out_cc);
+ if (ret) {
+ com_err(progname, ret, _("while saving to cache %s"),
+ opts->k5_out_cache_name ? opts->k5_out_cache_name : "");
+ goto cleanup;
+ }
+ mcc = NULL;
if (opts->verbose)
fprintf(stderr, _("Stored credentials\n"));
}
#ifndef _WIN32
kinit_kdb_fini();
#endif
+ if (mcc != NULL)
+ krb5_cc_destroy(k5->ctx, mcc);
if (options)
krb5_get_init_creds_opt_free(k5->ctx, options);
if (my_creds.client == k5->me)