From: | Tom Yu <tlyu@MIT.EDU> |
To: | krb5-bugs@MIT.EDU |
Subject: | remote kadmin client doesn't parse "-norandkey" |
Date: | Mon, 07 Jul 2014 11:15:41 -0400 |
It seems that the kadmin (remote) client doesn't parse "-norandkey" at
all, apparently causing option parsing to terminate. kadmin should
probably parse the argument and return an error that it's invalid for
use with remote kadmin. Currently, the option parsing code for
"-norandkey" is conditional on KADMIN_LOCAL.
See IRC log from #kerberos below for an example of user confusion
resulting from this behavior:
07:00 <demifuror> hi guys. when i run "xst -norandkey -k hdfs.keytab
hdfs/node.myhost.com HTTP/node.myhost.com", i get "kadmin: Principal
-norandkey does not exist. kadmin: Principal -k does not exist. kadmin:
Principal hdfs.keytab does not exist." are these warnings or errors?
after that, i get a bunch of lines like "Entry for principal
hdfs/node.myhost.com with kvno 5, encryption type
aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab."
07:25 <demifuror> okay, so, it's because im using kadmin instead of
kadmin.local...just gonna leave them out, hopefully it doesnt break
anything
all, apparently causing option parsing to terminate. kadmin should
probably parse the argument and return an error that it's invalid for
use with remote kadmin. Currently, the option parsing code for
"-norandkey" is conditional on KADMIN_LOCAL.
See IRC log from #kerberos below for an example of user confusion
resulting from this behavior:
07:00 <demifuror> hi guys. when i run "xst -norandkey -k hdfs.keytab
hdfs/node.myhost.com HTTP/node.myhost.com", i get "kadmin: Principal
-norandkey does not exist. kadmin: Principal -k does not exist. kadmin:
Principal hdfs.keytab does not exist." are these warnings or errors?
after that, i get a bunch of lines like "Entry for principal
hdfs/node.myhost.com with kvno 5, encryption type
aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab."
07:25 <demifuror> okay, so, it's because im using kadmin instead of
kadmin.local...just gonna leave them out, hopefully it doesnt break
anything