Skip Menu |
 

From: Tom Yu <tlyu@MIT.EDU>
To: krb5-bugs@MIT.EDU
Subject: remote kadmin client doesn't parse "-norandkey"
Date: Mon, 07 Jul 2014 11:15:41 -0400
It seems that the kadmin (remote) client doesn't parse "-norandkey" at
all, apparently causing option parsing to terminate. kadmin should
probably parse the argument and return an error that it's invalid for
use with remote kadmin. Currently, the option parsing code for
"-norandkey" is conditional on KADMIN_LOCAL.

See IRC log from #kerberos below for an example of user confusion
resulting from this behavior:

07:00 <demifuror> hi guys. when i run "xst -norandkey -k hdfs.keytab
hdfs/node.myhost.com HTTP/node.myhost.com", i get "kadmin: Principal
-norandkey does not exist. kadmin: Principal -k does not exist. kadmin:
Principal hdfs.keytab does not exist." are these warnings or errors?
after that, i get a bunch of lines like "Entry for principal
hdfs/node.myhost.com with kvno 5, encryption type
aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab."

07:25 <demifuror> okay, so, it's because im using kadmin instead of
kadmin.local...just gonna leave them out, hopefully it doesnt break
anything
From: tlyu@mit.edu
Subject: git commit

Parse "ktadd -norandkey" in remote kadmin client

The remote kadmin client would not parse the "-norandkey" option to
the ktadd subcommand, terminating option parsing and possibly causing
options to be interpreted as principal names.

https://github.com/krb5/krb5/commit/13e9694b17945d43d0cfc203b2645204f2d87086
Author: Tom Yu <tlyu@mit.edu>
Commit: 13e9694b17945d43d0cfc203b2645204f2d87086
Branch: master
src/kadmin/cli/keytab.c | 12 +++++-------
1 files changed, 5 insertions(+), 7 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Parse "ktadd -norandkey" in remote kadmin client

The remote kadmin client would not parse the "-norandkey" option to
the ktadd subcommand, terminating option parsing and possibly causing
options to be interpreted as principal names.

(cherry picked from commit 13e9694b17945d43d0cfc203b2645204f2d87086)

https://github.com/krb5/krb5/commit/f5a40c03c5a93713468f740600cb443f53792e84
Author: Tom Yu <tlyu@mit.edu>
Commit: f5a40c03c5a93713468f740600cb443f53792e84
Branch: krb5-1.13
src/kadmin/cli/keytab.c | 12 +++++-------
1 files changed, 5 insertions(+), 7 deletions(-)