directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [2/2] directory-kerby git commit: Refactored kadmin tool
Date Tue, 23 Jun 2015 02:34:27 GMT
Refactored kadmin tool


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/dadf393f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/dadf393f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/dadf393f

Branch: refs/heads/master
Commit: dadf393f8e3859795919f5fc2d2cbb50d52f8e29
Parents: 390e21c
Author: Drankye <drankye@gmail.com>
Authored: Tue Jun 23 18:32:24 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Tue Jun 23 18:32:24 2015 +0800

----------------------------------------------------------------------
 kerby-dist/tool-dist/bin/kadmin.sh              |   2 +-
 kerby-dist/tool-dist/bin/kinit.sh               |   2 +-
 kerby-dist/tool-dist/bin/klist.sh               |   2 +-
 .../kerby/kerberos/kerb/admin/Kadmin.java       |  34 +--
 .../apache/kerby/kerberos/tool/kinit/Kinit.java | 206 -------------------
 .../kerby/kerberos/tool/kinit/KinitTool.java    | 206 +++++++++++++++++++
 .../apache/kerby/kerberos/tool/klist/Klist.java | 159 --------------
 .../kerby/kerberos/tool/klist/KlistTool.java    | 159 ++++++++++++++
 .../kerby/kerberos/tool/kadmin/Kadmin.java      | 177 ----------------
 .../kerby/kerberos/tool/kadmin/KadminTool.java  | 179 ++++++++++++++++
 .../kerby/kerberos/tool/kadmin/ToolUtil.java    |  84 ++++++++
 .../kadmin/command/AddPrincipalCommand.java     | 136 ++++++++++++
 .../kadmin/command/ChangePasswordCommand.java   | 133 ++++++++++++
 .../kadmin/command/DeletePrincipalCommand.java  | 102 +++++++++
 .../kadmin/command/GetPrincipalCommand.java     |  76 +++++++
 .../tool/kadmin/command/KadminCommand.java      |  40 ++++
 .../tool/kadmin/command/KeytabAddCommand.java   |  80 +++++++
 .../kadmin/command/KeytabRemoveCommand.java     |  90 ++++++++
 .../kadmin/command/ListPrincipalCommand.java    |  52 +++++
 .../kadmin/command/ModifyPrincipalCommand.java  | 100 +++++++++
 .../kadmin/command/RenamePrincipalCommand.java  |  80 +++++++
 .../kadmin/executor/AddPrincipalExecutor.java   | 142 -------------
 .../kadmin/executor/ChangePasswordExecutor.java | 140 -------------
 .../executor/DeletePrincipalExecutor.java       | 105 ----------
 .../kadmin/executor/GetPrincipalExcutor.java    |  79 -------
 .../kadmin/executor/KadminCommandExecutor.java  |  28 ---
 .../tool/kadmin/executor/KeytabAddExecutor.java |  84 --------
 .../kadmin/executor/KeytabRemoveExecutor.java   |  94 ---------
 .../kadmin/executor/ListPrincipalExcutor.java   |  55 -----
 .../executor/ModifyPrincipalExecutor.java       | 107 ----------
 .../executor/RenamePrincipalExecutor.java       |  83 --------
 .../kerberos/tool/kadmin/tool/KadminTool.java   |  84 --------
 32 files changed, 1531 insertions(+), 1569 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-dist/tool-dist/bin/kadmin.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/bin/kadmin.sh b/kerby-dist/tool-dist/bin/kadmin.sh
index 85e54cd..7d7cf60 100644
--- a/kerby-dist/tool-dist/bin/kadmin.sh
+++ b/kerby-dist/tool-dist/bin/kadmin.sh
@@ -3,4 +3,4 @@ java -Xdebug -Xrunjdwp:transport=dt_socket,address=1046,server=y,suspend=n \
 -cp ../lib/json-backend-1.0-SNAPSHOT-jar-with-dependencies.jar:\
 ../lib/ldap-backend-1.0-SNAPSHOT-jar-with-dependencies.jar:\
 ../lib/zookeeper-backend-1.0-SNAPSHOT-jar-with-dependencies.jar:\
-../lib/server-tool-1.0-SNAPSHOT-jar-with-dependencies.jar org.apache.kerby.kerberos.tool.kadmin.Kadmin $@
\ No newline at end of file
+../lib/server-tool-1.0-SNAPSHOT-jar-with-dependencies.jar org.apache.kerby.kerberos.tool.kadmin.KadminTool $@
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-dist/tool-dist/bin/kinit.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/bin/kinit.sh b/kerby-dist/tool-dist/bin/kinit.sh
index 7502998..3e46ce1 100644
--- a/kerby-dist/tool-dist/bin/kinit.sh
+++ b/kerby-dist/tool-dist/bin/kinit.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 java -Xdebug -Xrunjdwp:transport=dt_socket,address=1045,server=y,suspend=n \
 -cp ../lib/kerb-client-1.0-SNAPSHOT-jar-with-dependencies.jar:\
-../lib/client-tool-1.0-SNAPSHOT.jar org.apache.kerby.kerberos.tool.kinit.Kinit $@
+../lib/client-tool-1.0-SNAPSHOT.jar org.apache.kerby.kerberos.tool.kinit.KinitTool $@

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-dist/tool-dist/bin/klist.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/bin/klist.sh b/kerby-dist/tool-dist/bin/klist.sh
index 4a45fe0..cb04544 100644
--- a/kerby-dist/tool-dist/bin/klist.sh
+++ b/kerby-dist/tool-dist/bin/klist.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 java -Xdebug -Xrunjdwp:transport=dt_socket,address=1045,server=y,suspend=n \
 -cp ../lib/kerb-client-1.0-SNAPSHOT-jar-with-dependencies.jar:\
-../lib/client-tool-1.0-SNAPSHOT.jar org.apache.kerby.kerberos.tool.klist.Klist $@
+../lib/client-tool-1.0-SNAPSHOT.jar org.apache.kerby.kerberos.tool.klist.KlistTool $@

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index ef40dae..ba66687 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -23,12 +23,10 @@ import org.apache.kerby.KOptions;
 import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
 import org.apache.kerby.kerberos.kerb.keytab.Keytab;
 import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
-import org.apache.kerby.kerberos.kerb.server.BackendConfig;
 import org.apache.kerby.kerberos.kerb.server.KdcConfig;
 import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
 import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
@@ -47,45 +45,35 @@ import java.util.List;
 public class Kadmin {
 
     private KdcConfig kdcConfig;
+    private Config backendConfig;
     private IdentityBackend backend;
 
     public Kadmin(KdcConfig kdcConfig, Config backendConfig) {
         this.kdcConfig = kdcConfig;
-        backend = getBackend(backendConfig);
+        this.backendConfig = backendConfig;
+        this.backend = getBackend(backendConfig);
     }
 
-    public Kadmin(Config backendConfig) {
-        backend = getBackend(backendConfig);
+    public KdcConfig getKdcConfig() {
+        return kdcConfig;
     }
 
-    /**
-     * Set KDC config.
-     * @param kdcConfig
-     */
-    public void setKdcConfig(KdcConfig kdcConfig) {
-        this.kdcConfig = kdcConfig;
-    }
-
-    /**
-     * Set backend config.
-     * @param backendConfig
-     */
-    public void setBackendConfig(BackendConfig backendConfig) {
-        backend = getBackend(backendConfig);
+    public Config getBackendConfig() {
+        return backendConfig;
     }
 
     /**
-     * Get identity service.
-     * @return IdentityService
+     * Get identity backend.
+     * @return IdentityBackend
      */
-    public IdentityService getIdentityService() {
+    public IdentityBackend getIdentityBackend() {
         return backend;
     }
 
     /**
      * Init the identity backend from backend configuration.
      */
-    public IdentityBackend getBackend(Config backendConfig) {
+    private IdentityBackend getBackend(Config backendConfig) {
         String backendClassName = backendConfig.getString(
                 KdcConfigKey.KDC_IDENTITY_BACKEND);
         if (backendClassName == null) {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/Kinit.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/Kinit.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/Kinit.java
deleted file mode 100644
index adec456..0000000
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/Kinit.java
+++ /dev/null
@@ -1,206 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.tool.kinit;
-
-import org.apache.kerby.KOptionType;
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.ccache.Credential;
-import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
-import org.apache.kerby.kerberos.kerb.client.KrbClient;
-import org.apache.kerby.kerberos.kerb.client.KrbOption;
-import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
-import org.apache.kerby.kerberos.tool.ToolUtil;
-
-import java.io.Console;
-import java.io.File;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.Scanner;
-
-/**
- * kinit like tool
- */
-public class Kinit {
-
-    private static final String USAGE =
-            "Usage: kinit [-V] [-l lifetime] [-s start_time]\n" +
-                    "\t\t[-r renewable_life] [-f | -F] [-p | -P] -n [-a | -A] [-C] [-E]\n" +
-                    "\t\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n" +
-                    "\t\t[-S service_name] [-T ticket_armor_cache]\n" +
-                    "\t\t[-X <attribute>[=<value>]] <principal>\n\n" +
-                    "\tDESCRIPTION:\n" +
-                    "\t\tkinit obtains and caches an initial ticket-granting ticket for principal.\n\n" +
-                    "\tOPTIONS:\n" +
-                    "\t\t-V verbose\n" +
-                    "\t\t-l lifetime\n" +
-                    "\t\t--s start time\n" +
-                    "\t\t-r renewable lifetime\n" +
-                    "\t\t-f forwardable\n" +
-                    "\t\t-F not forwardable\n" +
-                    "\t\t-p proxiable\n" +
-                    "\t\t-P not proxiable\n" +
-                    "\t\t-n anonymous\n" +
-                    "\t\t-a include addresses\n" +
-                    "\t\t-A do not include addresses\n" +
-                    "\t\t-v validate\n" +
-                    "\t\t-R renew\n" +
-                    "\t\t-C canonicalize\n" +
-                    "\t\t-E client is enterprise principal name\n" +
-                    "\t\t-k use keytab\n" +
-                    "\t\t-i use default client keytab (with -k)\n" +
-                    "\t\t-t filename of keytab to use\n" +
-                    "\t\t-c Kerberos 5 cache name\n" +
-                    "\t\t-S service\n" +
-                    "\t\t-T armor credential cache\n" +
-                    "\t\t-X <attribute>[=<value>]\n" +
-                    "\n";
-
-
-    private static void printUsage(String error) {
-        System.err.println(error + "\n");
-        System.err.println(USAGE);
-        System.exit(-1);
-    }
-
-    /**
-     * Get password for the input principal from console
-     */
-    private static String getPassword(String principal) {
-        Console console = System.console();
-        if (console == null) {
-            System.out.println("Couldn't get Console instance, " +
-                    "maybe you're running this from within an IDE. " +
-                    "Use scanner to read password.");
-            System.out.println("Password for " + principal + ":");
-            try (Scanner scanner = new Scanner(System.in)) {
-                return scanner.nextLine().trim();
-            }
-        }
-        console.printf("Password for " + principal + ":");
-        char[] passwordChars = console.readPassword();
-        String password = new String(passwordChars).trim();
-        Arrays.fill(passwordChars, ' ');
-
-        return password;
-    }
-
-    private static void requestTicket(String principal,
-                                      KOptions ktOptions) throws Exception {
-        ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal);
-
-        //If not request tickets by keytab than by password.
-        if (! ktOptions.contains(KinitOption.USE_KEYTAB)) {
-            ktOptions.add(KinitOption.USE_PASSWD);
-            String password = getPassword(principal);
-            ktOptions.add(KinitOption.USER_PASSWD, password);
-        }
-
-        KrbClient krbClient = getClient();
-        TgtTicket tgt = krbClient.requestTgtWithOptions(
-                ToolUtil.convertOptions(ktOptions));
-
-        if(tgt == null) {
-            System.out.println("Get TGT failed ...");
-            return;
-        }
-
-        writeTgtToCache(tgt, principal, ktOptions);
-    }
-
-    /**
-     * Init the client.
-     */
-    private static KrbClient getClient() throws KrbException {
-        KrbClient krbClient = new KrbClient();
-        krbClient.init();
-        return krbClient;
-    }
-
-    /**
-     * Write tgt into credentials cache.
-     */
-    private static void writeTgtToCache(
-            TgtTicket tgt, String principal, KOptions kinitOptions) throws IOException {
-        Credential credential = new Credential(tgt);
-        CredentialCache cCache = new CredentialCache();
-        cCache.addCredential(credential);
-        cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
-
-        String fileName;
-        if (kinitOptions.contains(KrbOption.KRB5_CACHE)) {
-            fileName = kinitOptions.getStringOption(KrbOption.KRB5_CACHE);
-        } else {
-            String princName = principal.replaceAll("/", "_");
-            fileName = "krb5_" + princName + ".cc";
-        }
-        File cCacheFile = new File("/tmp/", fileName);
-        cCache.store(cCacheFile);
-    }
-
-    public static void main(String[] args) throws Exception {
-        KOptions ktOptions = new KOptions();
-        KinitOption kto;
-        String principal = null;
-
-        int i = 0;
-        String opt, param, error;
-        while (i < args.length) {
-            error = null;
-
-            opt = args[i++];
-            if (opt.startsWith("-")) {
-                kto = KinitOption.fromName(opt);
-                if (kto == KinitOption.NONE) {
-                    error = "Invalid option:" + opt;
-                    break;
-                }
-            } else {
-                principal = opt;
-                kto = KinitOption.NONE;
-            }
-
-            if (kto.getType() != KOptionType.NOV) { // require a parameter
-                param = null;
-                if (i < args.length) {
-                    param = args[i++];
-                }
-                if (param != null) {
-                    KOptions.parseSetValue(kto, param);
-                } else {
-                    error = "Option " + opt + " require a parameter";
-                }
-            }
-
-            if (error != null) {
-                printUsage(error);
-            }
-            ktOptions.add(kto);
-        }
-
-        if (principal == null) {
-            printUsage("No principal is specified");
-        }
-
-        Kinit.requestTicket(principal, ktOptions);
-        System.exit(0);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
new file mode 100644
index 0000000..eef3211
--- /dev/null
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
@@ -0,0 +1,206 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.tool.kinit;
+
+import org.apache.kerby.KOptionType;
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.ccache.Credential;
+import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.client.KrbOption;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.tool.ToolUtil;
+
+import java.io.Console;
+import java.io.File;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Scanner;
+
+/**
+ * kinit like tool
+ */
+public class KinitTool {
+
+    private static final String USAGE =
+            "Usage: kinit [-V] [-l lifetime] [-s start_time]\n" +
+                    "\t\t[-r renewable_life] [-f | -F] [-p | -P] -n [-a | -A] [-C] [-E]\n" +
+                    "\t\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n" +
+                    "\t\t[-S service_name] [-T ticket_armor_cache]\n" +
+                    "\t\t[-X <attribute>[=<value>]] <principal>\n\n" +
+                    "\tDESCRIPTION:\n" +
+                    "\t\tkinit obtains and caches an initial ticket-granting ticket for principal.\n\n" +
+                    "\tOPTIONS:\n" +
+                    "\t\t-V verbose\n" +
+                    "\t\t-l lifetime\n" +
+                    "\t\t--s start time\n" +
+                    "\t\t-r renewable lifetime\n" +
+                    "\t\t-f forwardable\n" +
+                    "\t\t-F not forwardable\n" +
+                    "\t\t-p proxiable\n" +
+                    "\t\t-P not proxiable\n" +
+                    "\t\t-n anonymous\n" +
+                    "\t\t-a include addresses\n" +
+                    "\t\t-A do not include addresses\n" +
+                    "\t\t-v validate\n" +
+                    "\t\t-R renew\n" +
+                    "\t\t-C canonicalize\n" +
+                    "\t\t-E client is enterprise principal name\n" +
+                    "\t\t-k use keytab\n" +
+                    "\t\t-i use default client keytab (with -k)\n" +
+                    "\t\t-t filename of keytab to use\n" +
+                    "\t\t-c Kerberos 5 cache name\n" +
+                    "\t\t-S service\n" +
+                    "\t\t-T armor credential cache\n" +
+                    "\t\t-X <attribute>[=<value>]\n" +
+                    "\n";
+
+
+    private static void printUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(USAGE);
+        System.exit(-1);
+    }
+
+    /**
+     * Get password for the input principal from console
+     */
+    private static String getPassword(String principal) {
+        Console console = System.console();
+        if (console == null) {
+            System.out.println("Couldn't get Console instance, " +
+                    "maybe you're running this from within an IDE. " +
+                    "Use scanner to read password.");
+            System.out.println("Password for " + principal + ":");
+            try (Scanner scanner = new Scanner(System.in)) {
+                return scanner.nextLine().trim();
+            }
+        }
+        console.printf("Password for " + principal + ":");
+        char[] passwordChars = console.readPassword();
+        String password = new String(passwordChars).trim();
+        Arrays.fill(passwordChars, ' ');
+
+        return password;
+    }
+
+    private static void requestTicket(String principal,
+                                      KOptions ktOptions) throws Exception {
+        ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal);
+
+        //If not request tickets by keytab than by password.
+        if (! ktOptions.contains(KinitOption.USE_KEYTAB)) {
+            ktOptions.add(KinitOption.USE_PASSWD);
+            String password = getPassword(principal);
+            ktOptions.add(KinitOption.USER_PASSWD, password);
+        }
+
+        KrbClient krbClient = getClient();
+        TgtTicket tgt = krbClient.requestTgtWithOptions(
+                ToolUtil.convertOptions(ktOptions));
+
+        if(tgt == null) {
+            System.out.println("Get TGT failed ...");
+            return;
+        }
+
+        writeTgtToCache(tgt, principal, ktOptions);
+    }
+
+    /**
+     * Init the client.
+     */
+    private static KrbClient getClient() throws KrbException {
+        KrbClient krbClient = new KrbClient();
+        krbClient.init();
+        return krbClient;
+    }
+
+    /**
+     * Write tgt into credentials cache.
+     */
+    private static void writeTgtToCache(
+            TgtTicket tgt, String principal, KOptions kinitOptions) throws IOException {
+        Credential credential = new Credential(tgt);
+        CredentialCache cCache = new CredentialCache();
+        cCache.addCredential(credential);
+        cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
+
+        String fileName;
+        if (kinitOptions.contains(KrbOption.KRB5_CACHE)) {
+            fileName = kinitOptions.getStringOption(KrbOption.KRB5_CACHE);
+        } else {
+            String princName = principal.replaceAll("/", "_");
+            fileName = "krb5_" + princName + ".cc";
+        }
+        File cCacheFile = new File("/tmp/", fileName);
+        cCache.store(cCacheFile);
+    }
+
+    public static void main(String[] args) throws Exception {
+        KOptions ktOptions = new KOptions();
+        KinitOption kto;
+        String principal = null;
+
+        int i = 0;
+        String opt, param, error;
+        while (i < args.length) {
+            error = null;
+
+            opt = args[i++];
+            if (opt.startsWith("-")) {
+                kto = KinitOption.fromName(opt);
+                if (kto == KinitOption.NONE) {
+                    error = "Invalid option:" + opt;
+                    break;
+                }
+            } else {
+                principal = opt;
+                kto = KinitOption.NONE;
+            }
+
+            if (kto.getType() != KOptionType.NOV) { // require a parameter
+                param = null;
+                if (i < args.length) {
+                    param = args[i++];
+                }
+                if (param != null) {
+                    KOptions.parseSetValue(kto, param);
+                } else {
+                    error = "Option " + opt + " require a parameter";
+                }
+            }
+
+            if (error != null) {
+                printUsage(error);
+            }
+            ktOptions.add(kto);
+        }
+
+        if (principal == null) {
+            printUsage("No principal is specified");
+        }
+
+        KinitTool.requestTicket(principal, ktOptions);
+        System.exit(0);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/Klist.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/Klist.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/Klist.java
deleted file mode 100644
index c499442..0000000
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/Klist.java
+++ /dev/null
@@ -1,159 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.klist;
-
-import org.apache.kerby.KOptionType;
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.ccache.Credential;
-import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
-
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.List;
-
-/**
- * klist like tool
- */
-public class Klist {
-
-    private static  final String USAGE =
-            "Usage: klist [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] " +
-                    "[-a [-n]]] [-k [-t] [-K]] [name]\n" +
-                    "\t-c specifies credentials cache\n" +
-                    "\t-k specifies keytab\n" +
-                    "\t   (Default is credentials cache)\n" +
-                    "\t-i uses default client keytab if no name given\n" +
-                    "\t-l lists credential caches in collection\n" +
-                    "\t-A shows content of all credential caches\n" +
-                    "\t-e shows the encryption type\n" +
-                    "\t-V shows the Kerberos version and exits\n" +
-                    "\toptions for credential caches:\n" +
-                    "\t\t-d shows the submitted authorization data types\n" +
-                    "\t\t-f shows credentials flags\n" +
-                    "\t\t-s sets exit status based on valid tgt existence\n" +
-                    "\t\t-a displays the address list\n" +
-                    "\t\t\t-n do not reverse-resolve\n" +
-                    "\toptions for keytabs:\n" +
-                    "\t\t-t shows keytab entry timestamps\n" +
-                    "\t\t-K shows keytab entry keys\n";
-
-
-
-    private static void printUsage(String error) {
-        System.err.println(error + "\n");
-        System.err.println(USAGE);
-        System.exit(-1);
-    }
-
-    private static int printInfo(KOptions klOptions) {
-        CredentialCache cc = new CredentialCache();
-        List<Credential> credentials;
-        InputStream cis = null ;
-        String error;
-        String fileName = null;
-
-        if (!klOptions.contains(KlistOption.CREDENTIALS_CACHE)) {
-            error = "No credential cache path given.";
-            printUsage(error);
-        } else {
-            fileName = klOptions.getStringOption(KlistOption.CREDENTIALS_CACHE);
-            try {
-                cis = new FileInputStream(fileName);
-                cc.load(cis);
-            } catch (IOException e) {
-                System.err.println("Failed to open CredentialCache from file: " + fileName);
-                e.printStackTrace();
-            }
-
-        }
-
-        if (cc != null) {
-            credentials = cc.getCredentials();
-
-            System.out.println("Ticket cache: " + fileName);
-            System.out.println("Default principal: " + cc.getPrimaryPrincipal().getName());
-
-            if (credentials.isEmpty()) {
-                System.out.println("No credential has been cached.");
-            } else {
-                DateFormat df = new SimpleDateFormat("dd/MM/yy HH:mm:ss");
-
-                System.out.println("Valid starting\t\tExpires\t\t\tService principal");
-
-                for (Credential crd : credentials) {
-                    System.out.println( df.format(crd.getStartTime().getTime()) + "\t" +
-                                        df.format(crd.getEndTime().getTime()) + "\t" +
-                                        crd.getServerName());
-                }
-            }
-
-        }
-
-        return 0;
-    }
-
-    public static void main(String[] args) throws Exception {
-        KOptions klOptions = new KOptions();
-        KlistOption klopt;
-        // String name = null;
-
-        int i = 0;
-        String opt, value, error;
-        while (i < args.length) {
-            error = null;
-            opt = args[i++];
-
-            if (opt.startsWith("-")) {
-                klopt = KlistOption.fromName(opt);
-                if (klopt == KlistOption.NONE) {
-                    error = "Invalid option:" + opt;
-                    break;
-                }
-            } else {
-                // name = opt;
-                break;
-            }
-
-            if (klopt.getType() != KOptionType.NOV) { //needs value for this parameter
-                value = null;
-                if (i < args.length) {
-                    value = args[i++];
-                }
-                if (value != null) {
-                    KOptions.parseSetValue(klopt, value);
-                } else {
-                    error = "Option" + klopt + "requires a following value";
-                }
-            }
-
-            if ( error != null ) {
-                printUsage(error);
-            }
-
-            klOptions.add(klopt);
-        }
-
-        int errNo = Klist.printInfo(klOptions);
-        System.exit(errNo);
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
new file mode 100644
index 0000000..8f5dcf7
--- /dev/null
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
@@ -0,0 +1,159 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.klist;
+
+import org.apache.kerby.KOptionType;
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.ccache.Credential;
+import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.List;
+
+/**
+ * klist like tool
+ */
+public class KlistTool {
+
+    private static  final String USAGE =
+            "Usage: klist [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] " +
+                    "[-a [-n]]] [-k [-t] [-K]] [name]\n" +
+                    "\t-c specifies credentials cache\n" +
+                    "\t-k specifies keytab\n" +
+                    "\t   (Default is credentials cache)\n" +
+                    "\t-i uses default client keytab if no name given\n" +
+                    "\t-l lists credential caches in collection\n" +
+                    "\t-A shows content of all credential caches\n" +
+                    "\t-e shows the encryption type\n" +
+                    "\t-V shows the Kerberos version and exits\n" +
+                    "\toptions for credential caches:\n" +
+                    "\t\t-d shows the submitted authorization data types\n" +
+                    "\t\t-f shows credentials flags\n" +
+                    "\t\t-s sets exit status based on valid tgt existence\n" +
+                    "\t\t-a displays the address list\n" +
+                    "\t\t\t-n do not reverse-resolve\n" +
+                    "\toptions for keytabs:\n" +
+                    "\t\t-t shows keytab entry timestamps\n" +
+                    "\t\t-K shows keytab entry keys\n";
+
+
+
+    private static void printUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(USAGE);
+        System.exit(-1);
+    }
+
+    private static int printInfo(KOptions klOptions) {
+        CredentialCache cc = new CredentialCache();
+        List<Credential> credentials;
+        InputStream cis = null ;
+        String error;
+        String fileName = null;
+
+        if (!klOptions.contains(KlistOption.CREDENTIALS_CACHE)) {
+            error = "No credential cache path given.";
+            printUsage(error);
+        } else {
+            fileName = klOptions.getStringOption(KlistOption.CREDENTIALS_CACHE);
+            try {
+                cis = new FileInputStream(fileName);
+                cc.load(cis);
+            } catch (IOException e) {
+                System.err.println("Failed to open CredentialCache from file: " + fileName);
+                e.printStackTrace();
+            }
+
+        }
+
+        if (cc != null) {
+            credentials = cc.getCredentials();
+
+            System.out.println("Ticket cache: " + fileName);
+            System.out.println("Default principal: " + cc.getPrimaryPrincipal().getName());
+
+            if (credentials.isEmpty()) {
+                System.out.println("No credential has been cached.");
+            } else {
+                DateFormat df = new SimpleDateFormat("dd/MM/yy HH:mm:ss");
+
+                System.out.println("Valid starting\t\tExpires\t\t\tService principal");
+
+                for (Credential crd : credentials) {
+                    System.out.println( df.format(crd.getStartTime().getTime()) + "\t" +
+                                        df.format(crd.getEndTime().getTime()) + "\t" +
+                                        crd.getServerName());
+                }
+            }
+
+        }
+
+        return 0;
+    }
+
+    public static void main(String[] args) throws Exception {
+        KOptions klOptions = new KOptions();
+        KlistOption klopt;
+        // String name = null;
+
+        int i = 0;
+        String opt, value, error;
+        while (i < args.length) {
+            error = null;
+            opt = args[i++];
+
+            if (opt.startsWith("-")) {
+                klopt = KlistOption.fromName(opt);
+                if (klopt == KlistOption.NONE) {
+                    error = "Invalid option:" + opt;
+                    break;
+                }
+            } else {
+                // name = opt;
+                break;
+            }
+
+            if (klopt.getType() != KOptionType.NOV) { //needs value for this parameter
+                value = null;
+                if (i < args.length) {
+                    value = args[i++];
+                }
+                if (value != null) {
+                    KOptions.parseSetValue(klopt, value);
+                } else {
+                    error = "Option" + klopt + "requires a following value";
+                }
+            }
+
+            if ( error != null ) {
+                printUsage(error);
+            }
+
+            klOptions.add(klopt);
+        }
+
+        int errNo = KlistTool.printInfo(klOptions);
+        System.exit(errNo);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
deleted file mode 100644
index d6b73d8..0000000
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
+++ /dev/null
@@ -1,177 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.kadmin;
-
-import org.apache.kerby.config.Conf;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-import org.apache.kerby.kerberos.tool.kadmin.executor.*;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Map;
-import java.util.Scanner;
-
-public class Kadmin {
-    private static final String PROMPT = Kadmin.class.getSimpleName() + ".local";
-    private static final String REQUEST_LIST = "Available " + PROMPT + " requests:\n" +
-            "\n" +
-            "add_principal, addprinc, ank\n" +
-            "                         Add principal\n" +
-            "delete_principal, delprinc\n" +
-            "                         Delete principal\n" +
-            "modify_principal, modprinc\n" +
-            "                         Modify principal\n" +
-            "rename_principal, renprinc\n" +
-            "                         Rename principal\n" +
-            "change_password, cpw     Change password\n" +
-            "get_principal, getprinc  Get principal\n" +
-            "list_principals, listprincs, get_principals, getprincs\n" +
-            "                         List principals\n" +
-            "add_policy, addpol       Add policy\n" +
-            "modify_policy, modpol    Modify policy\n" +
-            "delete_policy, delpol    Delete policy\n" +
-            "get_policy, getpol       Get policy\n" +
-            "list_policies, listpols, get_policies, getpols\n" +
-            "                         List policies\n" +
-            "get_privs, getprivs      Get privileges\n" +
-            "ktadd, xst               Add entry(s) to a keytab\n" +
-            "ktremove, ktrem          Remove entry(s) from a keytab\n" +
-            "lock                     Lock database exclusively (use with extreme caution!)\n" +
-            "unlock                   Release exclusive database lock\n" +
-            "purgekeys                Purge previously retained old keys from a principal\n" +
-            "get_strings, getstrs     Show string attributes on a principal\n" +
-            "set_string, setstr       Set a string attribute on a principal\n" +
-            "del_string, delstr       Delete a string attribute on a principal\n" +
-            "list_requests, lr, ?     List available requests.\n" +
-            "quit, exit, q            Exit program.";
-
-    private static KdcConfig kdcConfig;
-    private static Conf backendConfig;
-
-    private static void execute(String command) {
-        //omit the leading and trailing whitespace.
-        command = command.trim();
-        if (command.equals("list_requests") ||
-                command.equals("lr") ||
-                command.equals("?")) {
-            System.out.println(REQUEST_LIST);
-            return;
-        }
-
-        KadminCommandExecutor executor = null;
-        if (command.startsWith("add_principal") ||
-                command.startsWith("addprinc") ||
-                command.startsWith("ank")) {
-            executor = new AddPrincipalExecutor(kdcConfig, backendConfig);
-        } else if (command.startsWith("ktadd") ||
-                command.startsWith("xst")) {
-            executor = new KeytabAddExecutor(backendConfig);
-        } else if (command.startsWith("ktremove") ||
-                command.startsWith("ktrem")) {
-            executor = new KeytabRemoveExecutor(backendConfig);
-        } else if (command.startsWith("delete_principal") ||
-                command.startsWith("delprinc")) {
-            executor = new DeletePrincipalExecutor(backendConfig);
-        } else if (command.startsWith("modify_principal") ||
-                command.startsWith("modprinc")) {
-            executor = new ModifyPrincipalExecutor(kdcConfig, backendConfig);
-        } else if (command.startsWith("rename_principal") ||
-                command.startsWith("renprinc")) {
-            executor = new RenamePrincipalExecutor(backendConfig);
-        } else if (command.startsWith("change_password") ||
-                command.startsWith("cpw")) {
-            executor = new ChangePasswordExecutor(kdcConfig, backendConfig);
-        } else if (command.startsWith("get_principal") || command.startsWith("getprinc") ||
-                command.startsWith("Get principal")) {
-            executor = new GetPrincipalExcutor(backendConfig);
-        } else if (command.startsWith("list_principals") ||
-                command.startsWith("listprincs") || command.startsWith("get_principals") ||
-                command.startsWith("getprincs") || command.startsWith("List principals")) {
-            executor = new ListPrincipalExcutor(backendConfig);
-        }
-        if (executor == null) {
-            System.out.println("Unknown request \"" + command + "\". Type \"?\" for a request list.");
-            return;
-        }
-        executor.execute(command);
-    }
-
-    private static void initConfig(String[] args) {
-        File confDir;
-        if (args.length == 0) {
-            String envDir;
-            try {
-                Map<String, String> mapEnv = System.getenv();
-                envDir = mapEnv.get("KRB5_KDC_DIR");
-            } catch (SecurityException e) {
-                envDir = null;
-            }
-            if(envDir != null) {
-                confDir = new File(envDir);
-            } else {
-                confDir = new File("/etc/kerby/");// for Linux. TODO: fix for Win etc.
-            }
-        } else {
-            confDir = new File(args[0]);
-        }
-
-        if (confDir.exists()) {
-            File kdcConfFile = new File(confDir, "kdc.conf");
-            if (kdcConfFile.exists()) {
-                kdcConfig = new KdcConfig();
-                try {
-                    kdcConfig.addIniConfig(kdcConfFile);
-                } catch (IOException e) {
-                    System.err.println("Can not load the kdc configuration file " + kdcConfFile.getAbsolutePath());
-                    e.printStackTrace();
-                }
-            }
-
-            File backendConfigFile = new File(confDir, "backend.conf");
-            if (backendConfigFile.exists()) {
-                backendConfig = new Conf();
-                try {
-                    backendConfig.addIniConfig(backendConfigFile);
-                } catch (IOException e) {
-                    System.err.println("Can not load the backend configuration file " + backendConfigFile.getAbsolutePath());
-                    e.printStackTrace();
-                }
-            }
-        } else {
-            throw new RuntimeException("Can not find configuration directory");
-        }
-    }
-
-    public static void main(String[] args) {
-        initConfig(args);
-        System.out.print(PROMPT + ": ");
-        try (Scanner scanner = new Scanner(System.in)) {
-            String input = scanner.nextLine();
-    
-            while (!(input.equals("quit") ||
-                    input.equals("exit") ||
-                    input.equals("q"))) {
-                execute(input);
-                System.out.print(PROMPT + ": ");
-                input = scanner.nextLine();
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
new file mode 100644
index 0000000..002e35b
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
@@ -0,0 +1,179 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin;
+
+import org.apache.kerby.config.Conf;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.tool.kadmin.command.*;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Scanner;
+
+public class KadminTool {
+    private static final String PROMPT = KadminTool.class.getSimpleName() + ".local";
+    private static final String REQUEST_LIST = "Available " + PROMPT + " requests:\n" +
+            "\n" +
+            "add_principal, addprinc, ank\n" +
+            "                         Add principal\n" +
+            "delete_principal, delprinc\n" +
+            "                         Delete principal\n" +
+            "modify_principal, modprinc\n" +
+            "                         Modify principal\n" +
+            "rename_principal, renprinc\n" +
+            "                         Rename principal\n" +
+            "change_password, cpw     Change password\n" +
+            "get_principal, getprinc  Get principal\n" +
+            "list_principals, listprincs, get_principals, getprincs\n" +
+            "                         List principals\n" +
+            "add_policy, addpol       Add policy\n" +
+            "modify_policy, modpol    Modify policy\n" +
+            "delete_policy, delpol    Delete policy\n" +
+            "get_policy, getpol       Get policy\n" +
+            "list_policies, listpols, get_policies, getpols\n" +
+            "                         List policies\n" +
+            "get_privs, getprivs      Get privileges\n" +
+            "ktadd, xst               Add entry(s) to a keytab\n" +
+            "ktremove, ktrem          Remove entry(s) from a keytab\n" +
+            "lock                     Lock database exclusively (use with extreme caution!)\n" +
+            "unlock                   Release exclusive database lock\n" +
+            "purgekeys                Purge previously retained old keys from a principal\n" +
+            "get_strings, getstrs     Show string attributes on a principal\n" +
+            "set_string, setstr       Set a string attribute on a principal\n" +
+            "del_string, delstr       Delete a string attribute on a principal\n" +
+            "list_requests, lr, ?     List available requests.\n" +
+            "quit, exit, q            Exit program.";
+
+    private static KdcConfig kdcConfig;
+    private static Conf backendConfig;
+
+    private static void execute(String command) {
+        //Omit the leading and trailing whitespace.
+        command = command.trim();
+        if (command.equals("list_requests") ||
+                command.equals("lr") ||
+                command.equals("?")) {
+            System.out.println(REQUEST_LIST);
+            return;
+        }
+
+        Kadmin kadmin = new Kadmin(kdcConfig, backendConfig);
+        KadminCommand executor = null;
+        if (command.startsWith("add_principal") ||
+                command.startsWith("addprinc") ||
+                command.startsWith("ank")) {
+            executor = new AddPrincipalCommand(kadmin);
+        } else if (command.startsWith("ktadd") ||
+                command.startsWith("xst")) {
+            executor = new KeytabAddCommand(kadmin);
+        } else if (command.startsWith("ktremove") ||
+                command.startsWith("ktrem")) {
+            executor = new KeytabRemoveCommand(kadmin);
+        } else if (command.startsWith("delete_principal") ||
+                command.startsWith("delprinc")) {
+            executor = new DeletePrincipalCommand(kadmin);
+        } else if (command.startsWith("modify_principal") ||
+                command.startsWith("modprinc")) {
+            executor = new ModifyPrincipalCommand(kadmin);
+        } else if (command.startsWith("rename_principal") ||
+                command.startsWith("renprinc")) {
+            executor = new RenamePrincipalCommand(kadmin);
+        } else if (command.startsWith("change_password") ||
+                command.startsWith("cpw")) {
+            executor = new ChangePasswordCommand(kadmin);
+        } else if (command.startsWith("get_principal") || command.startsWith("getprinc") ||
+                command.startsWith("Get principal")) {
+            executor = new GetPrincipalCommand(kadmin);
+        } else if (command.startsWith("list_principals") ||
+                command.startsWith("listprincs") || command.startsWith("get_principals") ||
+                command.startsWith("getprincs") || command.startsWith("List principals")) {
+            executor = new ListPrincipalCommand(kadmin);
+        }
+        if (executor == null) {
+            System.out.println("Unknown request \"" + command + "\". Type \"?\" for a request list.");
+            return;
+        }
+        executor.execute(command);
+    }
+
+    private static void initConfig(String[] args) {
+        File confDir;
+        if (args.length == 0) {
+            String envDir;
+            try {
+                Map<String, String> mapEnv = System.getenv();
+                envDir = mapEnv.get("KRB5_KDC_DIR");
+            } catch (SecurityException e) {
+                envDir = null;
+            }
+            if(envDir != null) {
+                confDir = new File(envDir);
+            } else {
+                confDir = new File("/etc/kerby/");// for Linux. TODO: fix for Win etc.
+            }
+        } else {
+            confDir = new File(args[0]);
+        }
+
+        if (confDir.exists()) {
+            File kdcConfFile = new File(confDir, "kdc.conf");
+            if (kdcConfFile.exists()) {
+                kdcConfig = new KdcConfig();
+                try {
+                    kdcConfig.addIniConfig(kdcConfFile);
+                } catch (IOException e) {
+                    System.err.println("Can not load the kdc configuration file " + kdcConfFile.getAbsolutePath());
+                    e.printStackTrace();
+                }
+            }
+
+            File backendConfigFile = new File(confDir, "backend.conf");
+            if (backendConfigFile.exists()) {
+                backendConfig = new Conf();
+                try {
+                    backendConfig.addIniConfig(backendConfigFile);
+                } catch (IOException e) {
+                    System.err.println("Can not load the backend configuration file " + backendConfigFile.getAbsolutePath());
+                    e.printStackTrace();
+                }
+            }
+        } else {
+            throw new RuntimeException("Can not find configuration directory");
+        }
+    }
+
+    public static void main(String[] args) {
+        initConfig(args);
+        System.out.print(PROMPT + ": ");
+        try (Scanner scanner = new Scanner(System.in)) {
+            String input = scanner.nextLine();
+    
+            while (!(input.equals("quit") ||
+                    input.equals("exit") ||
+                    input.equals("q"))) {
+                execute(input);
+                System.out.print(PROMPT + ": ");
+                input = scanner.nextLine();
+            }
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java
new file mode 100644
index 0000000..2cf2955
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java
@@ -0,0 +1,84 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin;
+
+import org.apache.kerby.KOptionType;
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+
+import java.util.Scanner;
+
+public class ToolUtil {
+
+    public static void printUsage(String error, String USAGE) {
+        System.err.println(error + "\n");
+        System.err.println(USAGE);
+    }
+
+    public static KOptions parseOptions(String[] commands, int beginIndex, int endIndex) {
+        KadminOption kOption;
+        String opt, error, param;
+
+        if(beginIndex < 0) {
+            System.out.println("Invalid function parameter(s).");
+            return null;
+        }
+
+        KOptions kOptions = new KOptions();
+        int i = beginIndex;
+        while (i <= endIndex) {
+            error = null;
+            opt = commands[i++];
+            if (opt.startsWith("-")) {
+                kOption = KadminOption.fromName(opt);
+                if (kOption == KadminOption.NONE) {
+                    error = "Invalid option:" + opt;
+                }
+            } else {
+                kOption = KadminOption.NONE;
+                error = "Invalid parameter:" + opt + " , it does not belong to any option.";
+            }
+
+            if (kOption.getType() != KOptionType.NOV) { // require a parameter
+                param = null;
+                if (i <= endIndex) {
+                    param = commands[i++];
+                }
+                if (param != null) {
+                    kOptions.parseSetValue(kOption, param);
+                } else {
+                    error = "Option " + opt + " require a parameter";
+                }
+            }
+            if (error != null) {
+                System.out.println(error);
+                return null;
+            }
+            kOptions.add(kOption);
+        }
+        return kOptions;
+    }
+
+    public static String getReplay(String prompt) {
+        Scanner scanner = new Scanner(System.in);
+        System.out.println(prompt);
+        return scanner.nextLine().trim();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java
new file mode 100644
index 0000000..b728dca
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java
@@ -0,0 +1,136 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.command;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
+
+import java.io.Console;
+import java.util.Arrays;
+import java.util.Scanner;
+
+public class AddPrincipalCommand extends KadminCommand {
+    private static final String USAGE = "Usage: add_principal [options] principal\n" +
+            "\toptions are:\n" +
+            "\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n" +
+            "\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n" +
+            "\t\t[-pw password] [-maxrenewlife maxrenewlife]\n" +
+            "\t\t[-e keysaltlist]\n" +
+            "\t\t[{+|-}attribute]\n" +
+            "\tattributes are:\n" +
+            "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n" +
+            "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n" +
+            "\t\trequires_hwauth needchange allow_svr password_changing_service\n" +
+            "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n" +
+            "\n" +
+            "\twhere,\n" +
+            "\t[-x db_princ_args]* - any number of database specific arguments.\n" +
+            "\t\t\tLook at each database documentation for supported arguments.\n" +
+            "\tExample:\n" +
+            "\t\tadd_principal -expire 23/04/15:01:01:01 -kvno 1 -pw mypassword test@EXAMPLE.COM";
+
+
+    private KOptions kOptions;
+
+    public AddPrincipalCommand(Kadmin kadmin) {
+        super(kadmin);
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split("\\s+");
+        if (commands.length < 2) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        kOptions = ToolUtil.parseOptions(commands, 1, commands.length - 2);
+        if(kOptions == null) {
+            System.err.println(USAGE);
+            return;
+        }
+        String principal = commands[commands.length - 1];
+        String password;
+        if(kOptions.contains(KadminOption.PW)) {
+            password = kOptions.getStringOption(KadminOption.PW);
+        } else {
+            password = getPassword(principal);
+        }
+
+        if (password == null) {
+            return;
+        }
+
+        try {
+            getKadmin().addPrincipal(principal, password, kOptions);
+            System.out.println("Principal \"" + principal + "\" created.");
+        } catch (KrbException e) {
+            System.err.println("Fail to add principal \"" + principal + "\"." + e.getCause());
+        }
+    }
+
+    /**
+     * Get password for the input principal from console
+     */
+    private String getPassword(String principal) {
+        String passwordOnce;
+        String passwordTwice;
+
+        Console console = System.console();
+        if (console == null) {
+            System.out.println("Couldn't get Console instance, " +
+                    "maybe you're running this from within an IDE. " +
+                    "Use scanner to read password.");
+            Scanner scanner = new Scanner(System.in);
+            passwordOnce = getPassword(scanner,
+                    "Enter password for principal \"" + principal + "\":");
+            passwordTwice = getPassword(scanner,
+                    "Re-enter password for principal \"" + principal + "\":");
+
+        } else {
+            passwordOnce = getPassword(console,
+                    "Enter password for principal \"" + principal + "\":");
+            passwordTwice = getPassword(console,
+                    "Re-enter password for principal \"" + principal + "\":");
+        }
+
+        if (!passwordOnce.equals(passwordTwice)) {
+            System.err.println("add_principal: Password mismatch while reading password for \"" + principal + "\".");
+            return null;
+        }
+        return passwordOnce;
+    }
+
+    private String getPassword(Scanner scanner, String prompt) {
+        System.out.println(prompt);
+        return scanner.nextLine().trim();
+    }
+
+    private String getPassword(Console console, String prompt) {
+        console.printf(prompt);
+        char[] passwordChars = console.readPassword();
+        String password = new String(passwordChars).trim();
+        Arrays.fill(passwordChars, ' ');
+        return password;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
new file mode 100644
index 0000000..fe95729
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
@@ -0,0 +1,133 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.command;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
+
+import java.io.Console;
+import java.util.Arrays;
+import java.util.Scanner;
+
+public class ChangePasswordCommand extends KadminCommand {
+    private static final String USAGE = "Usage: change_password [-randkey] " +
+            "[-keepold] [-e keysaltlist] [-pw password] principal";
+
+    private KOptions kOptions;
+
+    public ChangePasswordCommand(Kadmin kadmin) {
+        super(kadmin);
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split("\\s");
+        String principal = commands[commands.length -1];
+        String password;
+
+        if (commands.length <= 1) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        if (commands.length == 2) {//only principal is given
+            password = getPassword(principal);
+            if(password == null) {
+                System.out.println("Did not get new password successfully. Please try again");
+                return;
+            }
+            try {
+                getKadmin().updatePassword(principal, password);
+                System.out.println("Update password success.");
+            } catch (KrbException e) {
+                System.err.println("Fail to update password. " + e.getCause());
+            }
+        } else if (commands.length > 2) {
+            kOptions = ToolUtil.parseOptions(commands, 1, commands.length - 2);
+            if (kOptions == null) {
+                System.err.println(USAGE);
+                return;
+            }
+            if (kOptions.contains(KadminOption.PW)){
+                password = kOptions.getStringOption(KadminOption.PW);
+                try {
+                    getKadmin().updatePassword(principal, password);
+                    System.out.println("Update password success.");
+                } catch (KrbException e) {
+                    System.err.println("Fail to update password. " + e.getCause());
+                }
+            } else if( kOptions.contains(KadminOption.RANDKEY)){
+                try {
+                    getKadmin().updateKey(principal);
+                } catch (KrbException e) {
+                    System.err.println("Fail to update key. " + e.getCause());
+                }
+            }
+        }
+    }
+
+    /**
+     * Get password from console
+     */
+    private String getPassword(String principal) {
+        String passwordOnce;
+        String passwordTwice;
+
+        Console console = System.console();
+        if (console == null) {
+            System.out.println("Couldn't get Console instance, " +
+                    "maybe you're running this from within an IDE. " +
+                    "Use scanner to read password.");
+            Scanner scanner = new Scanner(System.in);
+            passwordOnce = getPassword(scanner,
+                    "Please enter new password  \"" + principal + "\":");
+            passwordTwice = getPassword(scanner,
+                    "Please re-enter password  =\"" + principal + "\":");
+
+        } else {
+            passwordOnce = getPassword(console,
+                    "Please enter new password \"" + principal + "\":");
+            passwordTwice = getPassword(console,
+                    "Please re-enter password \"" + principal + "\":");
+        }
+
+        if (!passwordOnce.equals(passwordTwice)) {
+            System.err.println("change_password: Password mismatch while reading password for \"" + principal + "\".");
+            return null;
+        }
+        return passwordOnce;
+    }
+
+    private String getPassword(Scanner scanner, String prompt) {
+        System.out.println(prompt);
+        return scanner.nextLine().trim();
+    }
+
+    private String getPassword(Console console, String prompt) {
+        console.printf(prompt);
+        char[] passwordChars = console.readPassword();
+        String password = new String(passwordChars).trim();
+        Arrays.fill(passwordChars, ' ');
+        return password;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java
new file mode 100644
index 0000000..efcb0a8
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java
@@ -0,0 +1,102 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+
+import java.io.Console;
+import java.util.Scanner;
+
+public class DeletePrincipalCommand extends KadminCommand {
+
+    private static final String USAGE = "Usage: delete_principal [options] principal\n" +
+            "This command prompts for deletion, unless the -force option is given.\n" +
+            "\toptions are:\n" +
+            "\t\t[-force]" + " no prompts for deletion.";
+
+    private Boolean force = false;
+
+    public DeletePrincipalCommand(Kadmin kadmin) {
+        super(kadmin);
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split(" ");
+        if (commands.length < 2) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        parseOptions(commands);
+        String principal = commands[commands.length - 1];
+
+        if (force) {
+            deletePrincipal(getKadmin(), principal);
+        } else {
+            String reply;
+            Console console = System.console();
+            String prompt = "Are you sure want to delete the principal? (yes/no, YES/NO, y/n, Y/N) ";
+            if (console == null) {
+                System.out.println("Couldn't get Console instance, " +
+                    "maybe you're running this from within an IDE. " +
+                    "Use scanner to read password.");
+                Scanner scanner = new Scanner(System.in);
+                reply = getReply(scanner, prompt);
+            } else {
+                reply = getReply(console, prompt);
+            }
+            if (reply.equals("yes") || reply.equals("YES") || reply.equals("y") || reply.equals("Y")) {
+                deletePrincipal(getKadmin(), principal);
+            } else if (reply.equals("no") || reply.equals("NO") || reply.equals("n") || reply.equals("N")) {
+                System.out.println("Pincipal \"" + principal + "\"  not deleted." );
+            } else {
+                System.err.println("Unknow request, fail to delete the principal.");
+            }
+        }
+    }
+
+    private void deletePrincipal(Kadmin kadmin, String principal) {
+        try {
+            kadmin.deletePrincipal(principal);
+            System.out.println("Principal \"" + principal + "\" deleted.");
+        } catch (KrbException e) {
+            System.err.println("Fail to delete principal \"" + principal + "\" ." + e.getCause());
+        }
+    }
+
+    private String getReply(Scanner scanner, String prompt) {
+        System.out.println(prompt);
+        return scanner.nextLine().trim();
+    }
+
+    private String getReply(Console console, String prompt) {
+        console.printf(prompt);
+        String line = console.readLine();
+        return line;
+    }
+
+    private void parseOptions(String[] commands) {
+        if (commands[1].equals("-force")) {
+            force = true;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java
new file mode 100644
index 0000000..1e3b95d
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java
@@ -0,0 +1,76 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+
+import java.util.Map;
+
+public class GetPrincipalCommand extends KadminCommand {
+    private static final String USAGE = "Usage: getprinc principalName\n" +
+            "such as, getprinc hello@TEST.COM";
+
+    public GetPrincipalCommand(Kadmin kadmin) {
+        super(kadmin);
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split(" ");
+
+        if (commands.length != 2) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        String princName = commands[commands.length - 1];
+        KrbIdentity identity = null;
+        try {
+            identity = getKadmin().getPrincipal(princName);
+        } catch (KrbException e) {
+            System.err.println("Fail to get principal: " + princName + ". " + e.getCause());
+        }
+
+        if (identity == null) {
+            System.err.println(princName + " doesn't exist\n");
+            System.err.println(USAGE);
+            return;
+        }
+
+        Map<EncryptionType, EncryptionKey> key = identity.getKeys();
+
+        System.out.println(
+                "Principal: " + identity.getPrincipalName() + "\n" +
+                "Expiration data: " + identity.getExpireTime() + "\n" +
+                "Created time: " + identity.getCreatedTime() + "\n" +
+                "KDC flags: " + identity.getKdcFlags() + "\n" +
+                "Key version: " + identity.getKeyVersion() + "\n" +
+                "Number of keys: " + key.size()
+        );
+
+        for (EncryptionType keyType : key.keySet()) {
+            System.out.println("key: " + keyType);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java
new file mode 100644
index 0000000..bcafd79
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java
@@ -0,0 +1,40 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.command;
+
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+
+public abstract class KadminCommand {
+
+    private Kadmin kadmin;
+
+    public KadminCommand(Kadmin kadmin) {
+        this.kadmin = kadmin;
+    }
+
+    protected Kadmin getKadmin() {
+        return kadmin;
+    }
+
+    /**
+     * Execute the kadmin command.
+     */
+    public abstract void execute(String input);
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
new file mode 100644
index 0000000..105067d
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
@@ -0,0 +1,80 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+
+import java.io.File;
+
+public class KeytabAddCommand extends KadminCommand {
+    private static final String USAGE =
+            "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]";
+
+    private static final String DEFAULT_KEYTAB_FILE_LOCATION = "/etc/krb5.keytab";
+
+    public KeytabAddCommand(Kadmin kadmin) {
+        super(kadmin);
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split(" ");
+
+        String principal = null;
+        String keytabFileLocation = null;
+
+        //Since commands[0] is ktadd, the initial index is 1.
+        int index = 1;
+        while (index < commands.length) {
+            String command = commands[index];
+            if (command.equals("-k")) {
+                index++;
+                if (index >= commands.length) {
+                    System.err.println(USAGE);
+                    return;
+                }
+                keytabFileLocation = commands[index].trim();
+
+            } else if (!command.startsWith("-")){
+                principal = command;
+            }
+            index++;
+        }
+
+        if (keytabFileLocation == null) {
+            keytabFileLocation = DEFAULT_KEYTAB_FILE_LOCATION;
+        }
+        File keytabFile = new File(keytabFileLocation);
+
+        if (principal == null || !keytabFile.exists()) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        try {
+        StringBuffer result = getKadmin().addEntryToKeytab(keytabFile, principal);
+            System.out.println(result.toString());
+        } catch (KrbException e) {
+            System.err.println("Principal \"" + principal + "\" fail to add entry to keytab." +
+                e.getCause());
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dadf393f/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
new file mode 100644
index 0000000..d50b120
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
@@ -0,0 +1,90 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.command;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
+
+import java.io.File;
+
+public class KeytabRemoveCommand extends KadminCommand {
+    private static final String USAGE =
+            "Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno | all | old]";
+
+    private static final String DEFAULT_KEYTAB_FILE_LOCATION = "/etc/krb5.keytab";
+
+    public KeytabRemoveCommand(Kadmin kadmin) {
+        super(kadmin);
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split("\\s+");
+        if (commands.length < 2 || commands.length > 6) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        String principal = null;
+        String keytabFileLocation = null;
+        String rangeSuffix = null;
+        int lastIndex ;
+
+        if (commands[commands.length - 1].matches("^all|old|-?\\d+$")) {
+            if (commands.length < 3) {
+                System.err.println(USAGE);
+                return;
+            }
+            lastIndex = commands.length - 3;
+            principal = commands[commands.length - 2];
+            rangeSuffix = commands[commands.length - 1];
+        } else {
+            lastIndex = commands.length - 2;
+            principal = commands[commands.length - 1];
+        }
+        KOptions kOptions = ToolUtil.parseOptions(commands, 1, lastIndex);
+
+        if (principal == null || kOptions == null ||
+                kOptions.contains(KadminOption.K) && kOptions.contains(KadminOption.KEYTAB)) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        keytabFileLocation = kOptions.contains(KadminOption.K)?
+                kOptions.getStringOption(KadminOption.K):kOptions.getStringOption(KadminOption.KEYTAB);
+
+        if (keytabFileLocation == null) {
+            keytabFileLocation = DEFAULT_KEYTAB_FILE_LOCATION;
+        }
+        File keytabFile = new File(keytabFileLocation);
+
+        try {
+            StringBuilder result = getKadmin().removeEntryFromKeytab(keytabFile, principal, rangeSuffix);
+            result.append("\tFile:" + keytabFileLocation);
+            System.out.println(result.toString());
+        } catch (KrbException e) {
+            System.err.println("Principal \"" + principal + "\" fail to remove entry from keytab." +
+                e.getMessage());
+        }
+    }
+}


Mime
View raw message