From plusplusjia...@apache.org
Subject directory-kerby git commit: DIRKRB-640 mplement renew ticket in kinit tool.
Date Tue, 01 Aug 2017 04:51:59 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk f8f95ab14 -> 05be35035


DIRKRB-640 Implement renew ticket in kinit tool.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/05be3503
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/05be3503
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/05be3503

Branch: refs/heads/trunk
Commit: 05be350353af3d2dad957314c9e82adc27674bff
Parents: f8f95ab
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Tue Aug 1 12:51:27 2017 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Tue Aug 1 12:51:27 2017 +0800

----------------------------------------------------------------------
 .../kerberos/kerb/client/KrbClientBase.java     | 96 ++++++++++++++++++++
 .../kerb/client/request/ArmoredRequest.java     |  2 +-
 .../kerberos/kerb/client/request/AsRequest.java |  2 +-
 .../kerb/client/request/AsRequestWithCert.java  |  2 +-
 .../kerb/client/request/KdcRequest.java         | 21 +++--
 .../kerb/client/request/TgsRequest.java         |  4 +-
 .../kerb/client/request/TgsRequestWithTgt.java  |  8 +-
 .../kerberos/kerb/type/ticket/SgtTicket.java    | 11 +++
 .../kerberos/kerb/ccache/CredentialCache.java   |  7 ++
 .../kerby/kerberos/tool/kinit/KinitTool.java    | 58 +++++++++---
 10 files changed, 182 insertions(+), 29 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
index 959f38b..d05fee2 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
@@ -21,9 +21,11 @@ package org.apache.kerby.kerberos.kerb.client;
 
 import org.apache.kerby.KOptions;
 import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.ccache.Credential;
 import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
 import org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient;
 import org.apache.kerby.kerberos.kerb.client.impl.InternalKrbClient;
+import org.apache.kerby.kerberos.kerb.type.kdc.EncAsRepPart;
 import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
 import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
 import org.slf4j.Logger;
@@ -211,6 +213,27 @@ public class KrbClientBase {
     }
 
     /**
+     * Request a service ticket
+     * @param ccFile The credential cache file
+     * @return service ticket
+     * @throws KrbException e
+     */
+    public SgtTicket requestSgt(File ccFile) throws KrbException {
+        Credential credential = getCredentialFromFile(ccFile);
+        String servicePrincipal = credential.getServicePrincipal().getName();
+        TgtTicket tgt = getTgtTicketFromCredential(credential);
+
+        KOptions requestOptions = new KOptions();
+        requestOptions.add(KrbKdcOption.RENEW);
+        requestOptions.add(KrbOption.USE_TGT, tgt);
+        requestOptions.add(KrbOption.SERVER_PRINCIPAL, servicePrincipal);
+        SgtTicket sgtTicket = innerClient.requestSgt(requestOptions);
+        sgtTicket.setClientPrincipal(tgt.getClientPrincipal());
+        return sgtTicket;
+    }
+
+
+    /**
      * Store tgt into the specified credential cache file.
      * @param tgtTicket The tgt ticket
      * @param ccacheFile The credential cache file
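Review bot: The Javadoc on `requestSgt(File ccFile)` says only "Request a service ticket", but the body always adds `KrbKdcOption.RENEW` and reuses the credential's own service principal as `SERVER_PRINCIPAL`, so this is a renewal of whatever credential the cache file yields. That credential comes from `getCredentialFromFile`, added further down in this file, which returns `cc.getCredentials().iterator().next()`: an empty cache surfaces as an unchecked `NoSuchElementException` rather than a `KrbException`, and with several credentials the first one is used without any visible check that it is the TGT. I would document the method as `Renew the first credential found in the given credential cache file` with `@throws KrbException if the cache cannot be read or the KDC rejects the renewal`. `getCredentialFromFile` should test `hasNext()` before calling `next()` and pass `e` as the cause when it wraps the `IOException`.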
@@ -248,4 +271,77 @@ public class KrbClientBase {
                     + "not exist or writable: " + ccacheFile.getAbsolutePath());
         }
     }
+
+    /**
+     * Store sgt into the specified credential cache file.
+     * @param sgtTicket The sgt ticket
+     * @param ccacheFile The credential cache file
+     * @throws KrbException e
+     */
+    public void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {
+        LOG.info("Storing the sgt to the credential cache file.");
+        if (!ccacheFile.exists()) {
+            try {
+                if (!ccacheFile.createNewFile()) {
+                    throw new KrbException("Failed to create ccache file "
+                        + ccacheFile.getAbsolutePath());
+                }
+                // sets read-write permissions to owner only
+                ccacheFile.setReadable(false, false);
+                ccacheFile.setReadable(true, true);
+                if (!ccacheFile.setWritable(true, true)) {
+                    throw new KrbException("Cache file is not readable.");
+                }
+            } catch (IOException e) {
+                throw new KrbException("Failed to create ccache file "
+                    + ccacheFile.getAbsolutePath(), e);
+            }
+        }
+        if (ccacheFile.exists() && ccacheFile.canWrite()) {
+            CredentialCache cCache = new CredentialCache(sgtTicket);
+            try {
+                cCache.store(ccacheFile);
+            } catch (IOException e) {
+                throw new KrbException("Failed to store tgt", e);
+            }
+        } else {
+            throw new IllegalArgumentException("Invalid ccache file, "
+                    + "not exist or writable: " + ccacheFile.getAbsolutePath());
+        }
+    }
+
+    public TgtTicket getTgtTicketFromCredential(Credential cc) {
+        EncAsRepPart encAsRepPart = new EncAsRepPart();
+        encAsRepPart.setAuthTime(cc.getAuthTime());
+        encAsRepPart.setCaddr(cc.getClientAddresses());
+        encAsRepPart.setEndTime(cc.getEndTime());
+        encAsRepPart.setFlags(cc.getTicketFlags());
+        encAsRepPart.setKey(cc.getKey());
+//        encAsRepPart.setKeyExpiration();
+//        encAsRepPart.setLastReq();
+//        encAsRepPart.setNonce();
+        encAsRepPart.setRenewTill(cc.getRenewTill());
+        encAsRepPart.setSname(cc.getServerName());
+        encAsRepPart.setSrealm(cc.getServerName().getRealm());
+        encAsRepPart.setStartTime(cc.getStartTime());
+        TgtTicket tgtTicket = new TgtTicket(cc.getTicket(), encAsRepPart, cc.getClientName());
+        return tgtTicket;
+    }
+
+    public Credential getCredentialFromFile(File ccFile) throws KrbException {
+        CredentialCache cc;
+        try {
+            cc = resolveCredCache(ccFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to load armor cache file");
+        }
+        return cc.getCredentials().iterator().next();
+    }
+
+    public CredentialCache resolveCredCache(File ccacheFile) throws IOException {
+        CredentialCache cc = new CredentialCache();
+        cc.load(ccacheFile);
+
+        return cc;
+    }
 }
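Review bot: In `storeTicket(SgtTicket, File)` the cache file that will hold the ticket and its session key is created by `createNewFile()` with the process's default mode and only afterwards narrowed, and the results of both `setReadable` calls are discarded, so a failed restriction goes unnoticed. Nothing in the hunk checks permissions when the file already exists, in which case the ticket is written under whatever mode the file has. On POSIX file systems, creating the file with owner-only permissions in one step (`Files.createFile` with `PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"))`) closes that window; other platforms would need a fallback. Two messages are also carried over unchanged from other code: a failed `setWritable` reports `Cache file is not readable.` and a failed store of an sgt reports `Failed to store tgt`.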

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
index a052518..b7113a5 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
@@ -233,7 +233,7 @@ public class ArmoredRequest {
         authenticator.setCusec(0);
         authenticator.setSubKey(subKey);
 
-        KdcReqBody reqBody = kdcRequest.getReqBody();
+        KdcReqBody reqBody = kdcRequest.getReqBody(null);
         CheckSum checksum = CheckSumUtil.seal(reqBody, null,
             subKey, KeyUsage.TGS_REQ_AUTH_CKSUM);
         authenticator.setCksum(checksum);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
index 7f35d87..d72d46c 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
@@ -74,7 +74,7 @@ public class AsRequest extends KdcRequest {
     public void process() throws KrbException {
         super.process();
 
-        KdcReqBody body = getReqBody();
+        KdcReqBody body = getReqBody(null);
 
         AsReq asReq = new AsReq();
         asReq.setReqBody(body);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
index a1f1725..fae5c80 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
@@ -43,7 +43,7 @@ public class AsRequestWithCert extends AsRequest {
 
     @Override
     public void process() throws KrbException {
-        KdcReqBody body = getReqBody();
+        KdcReqBody body = getReqBody(null);
         AsReq asReq = new AsReq();
         asReq.setReqBody(body);
         setKdcReq(asReq);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
index 8b88097..7c241ab 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
@@ -158,9 +158,9 @@ public abstract class KdcRequest {
         this.kdcReq = kdcReq;
     }
 
-    protected KdcReqBody getReqBody() throws KrbException {
+    protected KdcReqBody getReqBody(KerberosTime renewTill) throws KrbException {
         if (reqBody == null) {
-            reqBody = makeReqBody();
+            reqBody = makeReqBody(renewTill);
         }
 
         return reqBody;
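Review bot: `getReqBody(KerberosTime renewTill)` only uses its argument on the first call: once `reqBody` is cached, a later call with a different `renewTill` returns the body built earlier. This commit makes the callers in `ArmoredRequest`, `AsRequest`, `AsRequestWithCert` and `TgsRequest` pass `null`, while `TgsRequestWithTgt` passes the ticket's renew-till, so whether a renewal carries the intended `rtime` depends on which call happens first; that order is not visible in these hunks. A Javadoc line such as `@param renewTill renew-till to place in the request body, or null to derive it from the request options or configuration; ignored once the body has been built` would record this. Keeping a no-argument `getReqBody()` that delegates to `getReqBody(null)` would also spare the four call sites a bare `null`.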
@@ -174,7 +174,7 @@ public abstract class KdcRequest {
         this.kdcRep = kdcRep;
     }
 
-    protected KdcReqBody makeReqBody() throws KrbException {
+    protected KdcReqBody makeReqBody(KerberosTime renewTill) throws KrbException {
         KdcReqBody body = new KdcReqBody();
 
         long startTime = System.currentTimeMillis();
@@ -190,13 +190,18 @@ public abstract class KdcRequest {
 
         body.setTill(new KerberosTime(startTime + getTicketValidTime()));
 
-        long renewLifetime;
-        if (getRequestOptions().contains(KrbOption.RENEWABLE_TIME)) {
-            renewLifetime = getRequestOptions().getIntegerOption(KrbOption.RENEWABLE_TIME);
+        KerberosTime rtime;
+        if (renewTill != null) {
+            rtime = renewTill;
         } else {
-            renewLifetime = getContext().getKrbSetting().getKrbConfig().getRenewLifetime();
+            long renewLifetime;
+            if (getRequestOptions().contains(KrbOption.RENEWABLE_TIME)) {
+                renewLifetime = getRequestOptions().getIntegerOption(KrbOption.RENEWABLE_TIME);
+            } else {
+                renewLifetime = getContext().getKrbSetting().getKrbConfig().getRenewLifetime();
+            }
+            rtime = new KerberosTime(startTime + renewLifetime * 1000);
         }
-        KerberosTime rtime = new KerberosTime(startTime + renewLifetime * 1000);
         body.setRtime(rtime);
 
         int nonce = generateNonce();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequest.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequest.java
index 8e2526e..8e650b8 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequest.java
@@ -67,7 +67,7 @@ public class TgsRequest extends KdcRequest {
 
         TgsReq tgsReq = new TgsReq();
 
-        KdcReqBody tgsReqBody = getReqBody();
+        KdcReqBody tgsReqBody = getReqBody(null);
         tgsReq.setReqBody(tgsReqBody);
         tgsReq.setPaData(getPreauthContext().getOutputPaData());
 
@@ -79,7 +79,7 @@ public class TgsRequest extends KdcRequest {
         setKdcRep(kdcRep);
 
         TgsRep tgsRep = (TgsRep) getKdcRep();
-        EncTgsRepPart encTgsRepPart = null;
+        EncTgsRepPart encTgsRepPart;
         try {
             encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
                 getSessionKey(),

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequestWithTgt.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequestWithTgt.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequestWithTgt.java
index ee3151c..5f2e58a 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequestWithTgt.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequestWithTgt.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.client.request;
 
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.client.KrbContext;
+import org.apache.kerby.kerberos.kerb.client.KrbKdcOption;
 import org.apache.kerby.kerberos.kerb.common.CheckSumUtil;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 import org.apache.kerby.kerberos.kerb.type.KerberosTime;
@@ -92,8 +93,13 @@ public class TgsRequestWithTgt extends TgsRequest {
         authenticator.setCtime(KerberosTime.now());
         authenticator.setCusec(0);
         authenticator.setSubKey(tgt.getSessionKey());
+        KerberosTime renewTill = null;
+
+        if (getRequestOptions().contains(KrbKdcOption.RENEW)) {
+            renewTill = tgt.getEncKdcRepPart().getRenewTill();
+        }
+        KdcReqBody reqBody = getReqBody(renewTill);
 
-        KdcReqBody reqBody = getReqBody();
         CheckSum checksum = CheckSumUtil.seal(reqBody, null,
             tgt.getSessionKey(), KeyUsage.TGS_REQ_AUTH_CKSUM);
         authenticator.setCksum(checksum);
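Review bot: A renewal request is still built when the cached ticket has no renew-till: if `tgt.getEncKdcRepPart().getRenewTill()` returns null, `getReqBody(null)` takes the ordinary branch of `makeReqBody` and computes `rtime` from the request options or configuration, leaving it to the KDC to reject the request. Failing early inside the `RENEW` branch gives the user a clearer error, for example `if (renewTill == null) { throw new KrbException("Ticket in credential cache is not renewable"); }`. The enclosing method starts and ends outside this hunk.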

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ticket/SgtTicket.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ticket/SgtTicket.java
b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ticket/SgtTicket.java
index 86cdf1e..05c0485 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ticket/SgtTicket.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ticket/SgtTicket.java
@@ -19,13 +19,24 @@
  */
 package org.apache.kerby.kerberos.kerb.type.ticket;
 
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.type.kdc.EncTgsRepPart;
 
 /**
  * Service granting ticket.
  */
 public class SgtTicket extends KrbTicket {
+    private PrincipalName clientPrincipal;
+
     public SgtTicket(Ticket ticket, EncTgsRepPart encKdcRepPart) {
         super(ticket, encKdcRepPart);
     }
+
+    public PrincipalName getClientPrincipal() {
+        return clientPrincipal;
+    }
+
+    public void setClientPrincipal(PrincipalName clientPrincipal) {
+        this.clientPrincipal = clientPrincipal;
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
index 0a56626..f742649 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
@@ -20,6 +20,7 @@
 package org.apache.kerby.kerberos.kerb.ccache;
 
 import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
 import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
 import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
 
@@ -53,6 +54,12 @@ public class CredentialCache implements KrbCredentialCache {
         setPrimaryPrincipal(tgt.getClientPrincipal());
     }
 
+    public CredentialCache(SgtTicket sgt) {
+        this();
+        addCredential(new Credential(sgt, sgt.getClientPrincipal()));
+        setPrimaryPrincipal(sgt.getClientPrincipal());
+    }
+
     public CredentialCache(Credential credential) {
         this();
         addCredential(credential);
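Review bot: The new `CredentialCache(SgtTicket sgt)` constructor relies on `sgt.getClientPrincipal()`, a field this commit adds to `SgtTicket` with no initial value, so it is null unless a caller has invoked `setClientPrincipal` first. Within this commit only `KrbClientBase.requestSgt(File)` sets it; an `SgtTicket` obtained any other way would produce a credential and a primary principal of null. A guard directly after `this();` would turn that into an immediate, explicit failure: `if (sgt.getClientPrincipal() == null) { throw new IllegalArgumentException("SgtTicket has no client principal"); }`. A short Javadoc on the `SgtTicket` accessors saying the value is optional and set by the client after the exchange would help as well.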

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05be3503/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
index 735739e..f2e585c 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
@@ -61,7 +61,7 @@ public class KinitTool {
             + "\tOPTIONS:\n"
             + "\t\t-V verbose\n"
             + "\t\t-l lifetime\n"
-            + "\t\t--s start time\n"
+            + "\t\t-s start time\n"
             + "\t\t-r renewable lifetime\n"
             + "\t\t-f forwardable\n"
             + "\t\t-F not forwardable\n"
@@ -112,8 +112,7 @@ public class KinitTool {
         return password;
     }
 
-    private static void requestTicket(String principal,
-                                      KOptions ktOptions) throws KrbException {
+    private static void requestTicket(String principal, KOptions ktOptions) {
         ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal);
 
         File confDir = null;
@@ -121,6 +120,38 @@ public class KinitTool {
             confDir = ktOptions.getDirOption(KinitOption.CONF_DIR);
         }
 
+        KrbClient krbClient = null;
+        try {
+            krbClient = getClient(confDir);
+        } catch (KrbException e) {
+            System.err.println("Create krbClient failed: " + e.getMessage());
+            System.exit(1);
+        }
+
+        if (ktOptions.contains(KinitOption.RENEW)) {
+            if (ktOptions.contains(KinitOption.KRB5_CACHE)) {
+                String ccName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
+                File ccFile = new File(ccName);
+
+                SgtTicket sgtTicket = null;
+                try {
+                    sgtTicket = krbClient.requestSgt(ccFile);
+                } catch (KrbException e) {
+                    System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
+                }
+
+                try {
+                    krbClient.storeTicket(sgtTicket, ccFile);
+                } catch (KrbException e) {
+                    System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
+                }
+
+                System.out.println("Successfully renewed.");
+            }
+            return;
+        }
+
+
         if (ktOptions.contains(KinitOption.ANONYMOUS)) {
             ktOptions.add(PkinitOption.USE_ANONYMOUS);
             ktOptions.add(PkinitOption.X509_ANCHORS);
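Review bot: In the renew branch a failed `krbClient.requestSgt(ccFile)` only prints a message, after which `krbClient.storeTicket(sgtTicket, ccFile)` runs with `sgtTicket` still null and `Successfully renewed.` is printed whatever the outcome of either call. Both handlers, and the one added around `requestSgt(tgt, servicePrincipal)` in the later `@@ -168,8 +191,13 @@` hunk, call `e.getKrbErrorCode().getMessage()`, which would itself throw if the exception carries no error code, as seems likely for the `new KrbException("Failed to load armor cache file")` raised in `getCredentialFromFile`. A renew request without a cache option returns silently, and every failure path leaves the exit status at zero. The sketch below handles request and store in one `try`, falls back to the exception message, and exits non-zero on failure; `requestTicket` starts and ends outside this hunk.

```java
        // … unchanged: krbClient creation via getClient(confDir) …
        if (ktOptions.contains(KinitOption.RENEW)) {
            if (!ktOptions.contains(KinitOption.KRB5_CACHE)) {
                System.err.println("kinit: renewing a ticket requires a credential cache file");
                System.exit(1);
            }
            String ccName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
            File ccFile = new File(ccName);
            try {
                SgtTicket sgtTicket = krbClient.requestSgt(ccFile);
                krbClient.storeTicket(sgtTicket, ccFile);
            } catch (KrbException e) {
                // Not every KrbException carries an error code; fall back to its message.
                String reason = e.getKrbErrorCode() != null
                    ? e.getKrbErrorCode().getMessage() : e.getMessage();
                System.err.println("kinit: " + reason);
                System.exit(1);
            }
            System.out.println("Successfully renewed.");
            return;
        }
```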
@@ -131,14 +162,6 @@ public class KinitTool {
             ktOptions.add(KinitOption.USER_PASSWD, password);
         }
 
-        KrbClient krbClient = null;
-        try {
-            krbClient = getClient(confDir);
-        } catch (KrbException e) {
-            System.err.println("Create krbClient failed: " + e.getMessage());
-            System.exit(1);
-        }
-
         TgtTicket tgt = null;
         try {
             tgt = krbClient.requestTgt(convertOptions(ktOptions));
@@ -168,8 +191,13 @@ public class KinitTool {
             + ccacheFile.getAbsolutePath());
         if (ktOptions.contains(KinitOption.SERVICE)) {
             String servicePrincipal = ktOptions.getStringOption(KinitOption.SERVICE);
-            SgtTicket sgtTicket =
-                    krbClient.requestSgt(tgt, servicePrincipal);
+            SgtTicket sgtTicket;
+            try {
+                sgtTicket = krbClient.requestSgt(tgt, servicePrincipal);
+            } catch (KrbException e) {
+                System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
+                return;
+            }
             System.out.println("Successfully requested the service ticket for " + servicePrincipal
             + "\nKey version: " + sgtTicket.getTicket().getTktvno());
         }
@@ -191,7 +219,7 @@ public class KinitTool {
         return krbClient;
     }
 
-    public static void main(String[] args) throws Exception {
+    public static void main(String[] args) {
         KOptions ktOptions = new KOptions();
         KinitOption kto;
         String principal = null;
@@ -242,7 +270,7 @@ public class KinitTool {
         if (principal == null) {
             if (ktOptions.contains(KinitOption.ANONYMOUS)) {
                 principal = KrbConstant.ANONYMOUS_PRINCIPAL;
-            } else {
+            } else if (!ktOptions.contains(KinitOption.KRB5_CACHE)) {
                 printUsage("No principal is specified");
             }
         }
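Review bot: The new condition skips the "No principal is specified" usage error whenever `KinitOption.KRB5_CACHE` is present, not only when renewing, so an ordinary invocation with a cache option but no principal now continues with `principal` null, and `requestTicket` adds that null as `KinitOption.CLIENT_PRINCIPAL`. Tying the exemption to the renew option matches the intent of the commit: `} else if (!ktOptions.contains(KinitOption.RENEW)) {`. `main` starts and ends outside this hunk, so what happens to the null principal further down is not visible here.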

