directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [02/15] directory-kerby git commit: Change the Maven groupId in HAS folder to org.apache.kerby.
Date Tue, 28 Nov 2017 03:04:03 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/hclient/HasClientLoginTool.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/hclient/HasClientLoginTool.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/hclient/HasClientLoginTool.java
new file mode 100644
index 0000000..f423a3b
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/hclient/HasClientLoginTool.java
@@ -0,0 +1,269 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.hclient;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.has.client.HasAuthAdminClient;
+import org.apache.kerby.has.client.HasClient;
+import org.apache.kerby.has.common.HasConfig;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.common.util.HasJaasLoginUtil;
+import org.apache.kerby.has.common.util.HasUtil;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.apache.kerby.util.OSUtil;
+
+import javax.security.auth.Subject;
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.TimeUnit;
+
+public class HasClientLoginTool {
+    private static List<String> principalList = new ArrayList<String>();
+    private static List<File>  keytabList = new ArrayList<File>();
+
+    private static final String KEYTAB_USAGE = (OSUtil.isWindows()
+        ? "Usage: bin\\k=login-test.cmd" : "Usage: sh bin/login-test.sh")
+        + " [add|run|delete] [conf_dir] [work_dir] [number]\n"
+        + "\n";
+
+    private static final String TGT_USAGE = (OSUtil.isWindows()
+        ? "Usage: bin\\k=login-test.cmd" : "Usage: sh bin/login-test.sh")
+        + " tgt [conf_dir]\n"
+        + "\n";
+
+    private static void printKeytabUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(KEYTAB_USAGE);
+        System.exit(-1);
+    }
+
+    private static void printTgtUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(TGT_USAGE);
+        System.exit(-1);
+    }
+
+    public static class Task implements Runnable {
+        private int index;
+
+        Task(int index) {
+            this.index = index;
+        }
+
+        @Override
+        public void run() {
+            Subject subject = null;
+            try {
+                subject = HasJaasLoginUtil.loginUsingKeytab(principalList.get(index),
+                    keytabList.get(index));
+            } catch (IOException e) {
+                System.err.println("Fail to login using keytab. " + e);
+            }
+            System.out.println("Login succeeded for user: "
+                + subject.getPrincipals().iterator().next());
+        }
+    }
+
+    public static void main(String[] args) {
+
+        String cmd = args[0];
+        File confDir;
+        File workDir;
+
+        if (cmd.equals("tgt")) {
+            if (args.length != 2) {
+                printTgtUsage("Need 2 args.");
+                return;
+            }
+
+            confDir = new File(args[1]);
+            if (!confDir.exists()) {
+                printTgtUsage("Need the valid conf dir.");
+                return;
+            }
+            File confFile = new File(confDir, "hadmin.conf");
+            HasConfig hasConfig;
+            try {
+                hasConfig = HasUtil.getHasConfig(confFile);
+            } catch (HasException e) {
+                System.err.println(e.getMessage());
+                return;
+            }
+            if (hasConfig == null) {
+                System.err.println("hadmin.conf not exist in " + confDir.getAbsolutePath());
+                return;
+            }
+            String host = hasConfig.getHttpsHost();
+            String port = hasConfig.getHttpsPort();
+
+            HasClient hasClient = new HasClient();
+            TgtTicket tgtTicket;
+            try {
+                tgtTicket = hasClient.requestTgt();
+            } catch (HasException e) {
+                System.err.println("Errors occurred when getting TGT. " + e.getMessage());
+                return;
+            }
+
+            System.out.println("Get the tgt ticket successfully!");
+            System.out.println("The client principal of tgt ticket: " + tgtTicket.getClientPrincipal());
+
+            Subject subject = null;
+            try {
+                subject = HasJaasLoginUtil.loginUserFromTgtTicket(
+                    "https://" + host + ":" + port + "/has/v1?auth_type=RAM");
+            } catch (IOException e) {
+                System.err.println("Errors occurred when login user with TGT. " + e.getMessage());
+                return;
+            }
+
+            System.out.println("Principal: " + subject.getPrincipals().iterator().next());
+        } else {
+            if (args.length != 4) {
+                printKeytabUsage("Need 4 args.");
+                return;
+            }
+
+            confDir = new File(args[1]);
+            workDir = new File(args[2]);
+
+            if (!confDir.exists()) {
+                printKeytabUsage("Need the valid conf dir.");
+                return;
+            }
+            if (!workDir.exists()) {
+                printKeytabUsage("Need the valid work dir.");
+                return;
+            }
+
+            int taskNum = Integer.parseInt(args[3]);
+
+            System.out.println("The task num is: " + taskNum);
+
+            if (taskNum <= 0) {
+                printKeytabUsage("The task num must be greater than zero");
+                System.exit(-1);
+            }
+
+            HasAdminClient hasAdminClient;
+            HasAuthAdminClient authHasAdminClient = null;
+            File confFile = new File(confDir, "hadmin.conf");
+            HasConfig hasConfig = null;
+            try {
+                hasConfig = HasUtil.getHasConfig(confFile);
+            } catch (HasException e) {
+                System.err.println(e.getMessage());
+                return;
+            }
+
+            if (hasConfig == null) {
+                System.err.println("hadmin.conf not exist in " + confDir.getAbsolutePath());
+                return;
+            }
+
+            if (hasConfig.getFilterAuthType().equals("kerberos")) {
+                authHasAdminClient = new HasAuthAdminClient(hasConfig);
+            }
+            if (authHasAdminClient != null) {
+                hasAdminClient = authHasAdminClient;
+            } else {
+                hasAdminClient = new HasAdminClient(hasConfig);
+            }
+            String realm = null;
+            try {
+                KdcConfig kdcConfig = KdcUtil.getKdcConfig(confDir);
+                realm = kdcConfig.getKdcRealm();
+            } catch (KrbException e) {
+                printKeytabUsage(e.getMessage());
+            }
+
+            if (cmd.equals("add")) {
+                for (int i = 0; i < taskNum; i++) {
+                    String principal = "test" + i + "@" + realm;
+                    try {
+                        hasAdminClient.addPrincipal(principal);
+                    } catch (HasException e) {
+                        System.err.println("Errors occurred when adding principal. "
+                            + e.getMessage());
+                        return;
+                    }
+                    File keytabFile = new File(workDir, i + ".keytab");
+                    try {
+                        hasAdminClient.exportKeytab(keytabFile, principal);
+                    } catch (HasException e) {
+                        System.err.println("Errors occurred when exporting the keytabs. "
+                            + e.getMessage());
+                        return;
+                    }
+                    System.out.println("Add principals and keytabs successfully.");
+                }
+            } else if (cmd.equals("run")) {
+                ExecutorService exec;
+                for (int i = 0; i < taskNum; i++) {
+                    String principal = "test" + i + "@" + realm;
+                    principalList.add(i, principal);
+                    File file = new File(workDir, i + ".keytab");
+                    keytabList.add(i, file);
+                }
+                System.out.println("Start the login test.");
+                Long startTime = System.currentTimeMillis();
+                exec = Executors.newFixedThreadPool(5);
+                for (int i = 0; i < taskNum; ++i) {
+                    exec.submit(new Task(i));
+                }
+                exec.shutdown();
+                try {
+                    exec.awaitTermination(Long.MAX_VALUE, TimeUnit.NANOSECONDS);
+                } catch (InterruptedException e) {
+                    System.err.println(e.getMessage());
+                    return;
+                }
+                Long endTime = System.currentTimeMillis();
+                System.out.println("Finish the login test.");
+                System.out.println("Cost time: " + (endTime - startTime) + "ms");
+            } else if (cmd.equals("delete")) {
+                for (int i = 0; i < taskNum; i++) {
+                    String principal = "test" + i + "@" + realm;
+                    try {
+                        hasAdminClient.deletePrincipal(principal);
+                    } catch (HasException e) {
+                        System.err.println("Errors occurred when deleting the principal. "
+                            + e.getMessage());
+                        continue;
+                    }
+                    File file = new File(workDir, i + ".keytab");
+                    if (!file.delete()) {
+                        System.err.println("Failed to delete " + i + ".keytab.");
+                    }
+                }
+                System.out.println("Delete principals and keytabs successfully.");
+            } else {
+                printKeytabUsage("Need the cmd with add, run or delete.");
+            }
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/HasInitTool.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/HasInitTool.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/HasInitTool.java
new file mode 100644
index 0000000..1171d02
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/HasInitTool.java
@@ -0,0 +1,132 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.has.common.HasConfig;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.common.util.HasUtil;
+import org.apache.kerby.has.tool.client.kdcinit.cmd.*;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.util.OSUtil;
+
+import java.io.File;
+import java.util.Scanner;
+
+public class HasInitTool {
+    private static final String PROMPT = HasInitTool.class.getSimpleName();
+    private static final String USAGE = (OSUtil.isWindows()
+            ? "Usage: bin\\hadmin.cmd" : "Usage: sh bin/kdcinit.sh")
+            + " <conf-file>\n"
+            + "\tExample:\n"
+            + "\t\t"
+            + (OSUtil.isWindows()
+            ? "bin\\kdcinit.cmd" : "sh bin/kdcinit.sh")
+            + " conf\n";
+
+    private static final String LEGAL_COMMANDS = "Available commands are: "
+            + "\n"
+            + "get_krb5conf, getkrb5\n"
+            + "                         Get krb5.conf\n"
+            + "get_hasConf, gethas\n"
+            + "                         Get has-client.conf\n"
+            + "set_plugin, setplugin\n"
+            + "                         Set plugin\n"
+            + "config_kdcBackend, confbackend\n"
+            + "                         Config kdc backend\n"
+            + "config_kdc, confkdc\n"
+            + "                         Config kdc\n"
+            + "start_kdc, start\n"
+            + "                         Start kdc\n"
+            + "init_kdc, init\n"
+            + "                         Init kdc\n";
+
+    public static void main(String[] args) {
+        if (args.length < 1) {
+            System.err.println(USAGE);
+            System.exit(1);
+        }
+        String confDirPath = args[0];
+        File confFile = new File(confDirPath, "hadmin.conf");
+        HasConfig hasConfig;
+        try {
+            hasConfig = HasUtil.getHasConfig(confFile);
+        } catch (HasException e) {
+            System.err.println(e.getMessage());
+            return;
+        }
+
+        System.out.println(LEGAL_COMMANDS);
+        System.out.println("enter \"<cmd> [?][-help]\" to get cmd help.");
+        Scanner scanner = new Scanner(System.in, "UTF-8");
+        System.out.print(PROMPT + ": ");
+        String input = scanner.nextLine();
+
+        HasAdminClient hadmin = new HasAdminClient(hasConfig, new File(confDirPath));
+        while (!(input.equals("quit") || input.equals("exit") || input.equals("q"))) {
+            try {
+                execute(hadmin, input);
+            } catch (KrbException e) {
+                System.err.println(e.getMessage());
+            }
+            System.out.print(PROMPT + ": ");
+            input = scanner.nextLine();
+        }
+    }
+
+    private static void execute(HasAdminClient hadmin, String input) throws KrbException {
+        input = input.trim();
+        if (input.startsWith("cmd")) {
+            System.out.println(LEGAL_COMMANDS);
+            return;
+        }
+        String[] items = input.split("\\s+");
+        String cmd = items[0];
+
+        KdcInitCmd executor;
+        if (cmd.equals("get_krb5conf")
+                || cmd.equals("getkrb5")) {
+            executor = new HasGetKrb5confCmd(hadmin);
+        } else if (cmd.equals("get_hasConf")
+                || cmd.equals("gethas")) {
+            executor = new HasGetHasconfCmd(hadmin);
+        } else if (cmd.equals("set_plugin")
+                || cmd.equals("setplugin")) {
+            executor = new HasSetPluginCmd(hadmin);
+        } else if (cmd.equals("config_kdcBackend")
+                || cmd.equals("confbackend")) {
+            executor = new HasConfKdcBackendCmd(hadmin);
+        } else if (cmd.equals("config_kdc")
+                || cmd.equals("confkdc")) {
+            executor = new HasConfKdcCmd(hadmin);
+        } else if (cmd.equals("start_kdc")
+                || cmd.equals("start")) {
+            executor = new HasStartKdcCmd(hadmin);
+        } else if (cmd.equals("init_kdc")
+                || cmd.equals("init")) {
+            executor = new HasInitKdcCmd(hadmin);
+        } else {
+            System.out.println(LEGAL_COMMANDS);
+            return;
+        }
+        executor.execute(items);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasConfKdcBackendCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasConfKdcBackendCmd.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasConfKdcBackendCmd.java
new file mode 100644
index 0000000..7423cbf
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasConfKdcBackendCmd.java
@@ -0,0 +1,66 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit.cmd;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Remote config kdc cmd
+ */
+public class HasConfKdcBackendCmd extends KdcInitCmd {
+
+    public static final String USAGE = "Usage: config_kdcBackend <backendType> [dir] [url] [user]"
+        + " [password]\n"
+        + "\tSupported backendType : json,mysql\n"
+        + "\tExample:\n"
+        + "\t\tconfig_kdcBackend json /tmp/has/jsonbackend \n"
+        + "\t\tconfig_kdcBackend mysql jdbc:mysql://127.0.0.1:3306/mysqlbackend root passwd\n";
+
+    public HasConfKdcBackendCmd(HasAdminClient hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws KrbException {
+        if (items.length >= 2) {
+            if (items[1].startsWith("?") || items[1].startsWith("-help")) {
+                System.out.println(USAGE);
+                return;
+            }
+        }
+        if (items.length < 3) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        HasAdminClient hasAdminClient = getHadmin();
+        if (items.length >= 3 && items[1].equals("json")) {
+            hasAdminClient.configKdcBackend(items[1], items[2],
+                    null, null, null);
+        } else if (items.length >= 5 && items[1].equals("mysql")) {
+            hasAdminClient.configKdcBackend(items[1], null,
+                    items[2], items[3], items[4]);
+        } else {
+            System.err.println(USAGE);
+            return;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasConfKdcCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasConfKdcCmd.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasConfKdcCmd.java
new file mode 100644
index 0000000..ce73dce
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasConfKdcCmd.java
@@ -0,0 +1,54 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit.cmd;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Remote config kdc cmd
+ */
+public class HasConfKdcCmd extends KdcInitCmd {
+
+    public static final String USAGE = "Usage: config_kdc <host> <port> <realm>\n"
+        + "\tExample:\n"
+        + "\t\tconfig_kdc localhost 88 HADOOP.COM\n";
+
+    public HasConfKdcCmd(HasAdminClient hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws KrbException {
+        if (items.length >= 2) {
+            if (items[1].startsWith("?") || items[1].startsWith("-help")) {
+                System.out.println(USAGE);
+                return;
+            }
+        }
+        if (items.length < 4) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        HasAdminClient hasAdminClient = getHadmin();
+        hasAdminClient.configKdc(items[2], items[3], items[1]);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasGetHasconfCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasGetHasconfCmd.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasGetHasconfCmd.java
new file mode 100644
index 0000000..efa92f6
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasGetHasconfCmd.java
@@ -0,0 +1,77 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit.cmd;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.PrintStream;
+
+/**
+ * Remote get has-client.conf cmd
+ */
+public class HasGetHasconfCmd extends KdcInitCmd {
+
+    public static final String USAGE = "Usage: get_hasConf [-p] [path]\n"
+        + "\tExample:\n"
+        + "\t\tget_hasConf\n";
+
+    public HasGetHasconfCmd(HasAdminClient hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws KrbException {
+        if (items.length >= 2) {
+            if (items[1].startsWith("?") || items[1].startsWith("-help")) {
+                System.out.println(USAGE);
+                return;
+            }
+        }
+        File path = getHadmin().getConfDir();
+        if (items.length >= 3 && items[1].startsWith("-p")) {
+            path = new File(items[2]);
+            if (!path.exists()) {
+                if (!path.mkdirs()) {
+                    System.err.println("Cannot create file : " + items[2]);
+                    return;
+                }
+            }
+        }
+        File hasConf = new File(path, "has-client.conf");
+
+        HasAdminClient hasAdminClient = getHadmin();
+        String content = hasAdminClient.getHasconf();
+        if (content == null) {
+            System.err.println("Failed to get has.conf.");
+            return;
+        }
+        try {
+            PrintStream ps = new PrintStream(new FileOutputStream(hasConf));
+            ps.println(content);
+            System.out.println("has-client.conf has saved in : " + hasConf.getAbsolutePath());
+        } catch (FileNotFoundException e) {
+            System.err.println(e.getMessage());
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasGetKrb5confCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasGetKrb5confCmd.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasGetKrb5confCmd.java
new file mode 100644
index 0000000..bbe93cf
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasGetKrb5confCmd.java
@@ -0,0 +1,77 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit.cmd;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.PrintStream;
+
+/**
+ * Remote get krb5.conf cmd
+ */
+public class HasGetKrb5confCmd extends KdcInitCmd {
+
+    public static final String USAGE = "Usage: get_krb5conf [-p] [path]\n"
+        + "\tExample:\n"
+        + "\t\tget_krb5conf -p /tmp/has\n";
+
+    public HasGetKrb5confCmd(HasAdminClient hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws KrbException {
+        if (items.length >= 2) {
+            if (items[1].startsWith("?") || items[1].startsWith("-help")) {
+                System.out.println(USAGE);
+                return;
+            }
+        }
+        File path = getHadmin().getConfDir();
+        if (items.length >= 3 && items[1].startsWith("-p")) {
+            path = new File(items[2]);
+            if (!path.exists()) {
+                if (!path.mkdirs()) {
+                    System.err.println("Cannot create file : " + items[2]);
+                    return;
+                }
+            }
+        }
+        File krb5Conf = new File(path, "krb5.conf");
+
+        HasAdminClient hasAdminClient = getHadmin();
+        String content = hasAdminClient.getKrb5conf();
+        if (content == null) {
+            System.err.println("Failed to get krb5.conf.");
+            return;
+        }
+        try {
+            PrintStream ps = new PrintStream(new FileOutputStream(krb5Conf));
+            ps.println(content);
+            System.out.println("krb5.conf has saved in : " + krb5Conf.getAbsolutePath());
+        } catch (FileNotFoundException e) {
+            System.err.println(e.getMessage());
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasInitKdcCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasInitKdcCmd.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasInitKdcCmd.java
new file mode 100644
index 0000000..895b10a
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasInitKdcCmd.java
@@ -0,0 +1,94 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit.cmd;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Remote init kdc cmd
+ */
+public class HasInitKdcCmd extends KdcInitCmd {
+
+    public static final String USAGE = "Usage: init_kdc [-p] [path]\n"
+        + "\tExample:\n"
+        + "\t\tinit_kdc\n";
+
+    public HasInitKdcCmd(HasAdminClient hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws KrbException {
+        if (items.length >= 2) {
+            if (items[1].startsWith("?") || items[1].startsWith("-help")) {
+                System.out.println(USAGE);
+                return;
+            }
+        }
+        File path = getHadmin().getConfDir();
+        if (items.length >= 3 && items[1].startsWith("-p")) {
+            path = new File(items[2]);
+            if (!path.exists()) {
+                if (!path.mkdirs()) {
+                    System.err.println("Cannot create file : " + items[2]);
+                    return;
+                }
+            }
+        }
+        File hadminKeytab = new File(path, "admin.keytab");
+
+        HasAdminClient hasAdminClient = getHadmin();
+        InputStream content = hasAdminClient.initKdc();
+
+        if (content == null) {
+            System.err.println("Failed to init kdc.");
+            return;
+        }
+
+        FileOutputStream fos = null;
+        try {
+            fos = new FileOutputStream(hadminKeytab);
+        } catch (FileNotFoundException e) {
+            System.err.println("the admin keytab file not found. " + e.getMessage());
+        }
+        byte[] buffer = new byte[4 * 1024];
+        int read;
+        try {
+            while ((read = content.read(buffer)) > 0) {
+                fos.write(buffer, 0, read);
+            }
+            fos.close();
+            content.close();
+        } catch (IOException e) {
+            System.err.println("Errors occurred when getting the admin.keytab. " + e.getMessage());
+        }
+
+        System.out.println("admin.keytab has saved in : " + hadminKeytab.getAbsolutePath()
+            + ",\nplease safely save it to use hadmin.");
+
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasSetPluginCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasSetPluginCmd.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasSetPluginCmd.java
new file mode 100644
index 0000000..a06230b
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasSetPluginCmd.java
@@ -0,0 +1,53 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit.cmd;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Remote set plugin cmd
+ */
+public class HasSetPluginCmd extends KdcInitCmd {
+
+    public static final String USAGE = "Usage: set_plugin <plugin>\n"
+        + "\tExample:\n"
+        + "\t\tset_plugin RAM\n";
+
+    public HasSetPluginCmd(HasAdminClient hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws KrbException {
+        if (items.length >= 2) {
+            if (items[1].startsWith("?") || items[1].startsWith("-help")) {
+                System.out.println(USAGE);
+                return;
+            }
+        } else {
+            System.err.println(USAGE);
+            return;
+        }
+
+        HasAdminClient hasAdminClient = getHadmin();
+        hasAdminClient.setPlugin(items[1]);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasStartKdcCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasStartKdcCmd.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasStartKdcCmd.java
new file mode 100644
index 0000000..466cee7
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/HasStartKdcCmd.java
@@ -0,0 +1,49 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit.cmd;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Remote start kdc cmd
+ */
+public class HasStartKdcCmd extends KdcInitCmd {
+
+    public static final String USAGE = "Usage: start_kdc\n"
+        + "\tExample:\n"
+        + "\t\tstart\n";
+
+    public HasStartKdcCmd(HasAdminClient hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws KrbException {
+        if (items.length >= 2) {
+            if (items[1].startsWith("?") || items[1].startsWith("-help")) {
+                System.out.println(USAGE);
+                return;
+            }
+        }
+        HasAdminClient hasAdminClient = getHadmin();
+        hasAdminClient.startKdc();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/KdcInitCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/KdcInitCmd.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/KdcInitCmd.java
new file mode 100644
index 0000000..310cfa3
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kdcinit/cmd/KdcInitCmd.java
@@ -0,0 +1,42 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.kdcinit.cmd;
+
+import org.apache.kerby.has.client.HasAdminClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class KdcInitCmd {
+
+    private HasAdminClient hadmin;
+
+    public KdcInitCmd(HasAdminClient hadmin) {
+        this.hadmin = hadmin;
+    }
+
+    protected HasAdminClient getHadmin() {
+        return hadmin;
+    }
+
+    /**
+     * Execute the kdc init cmd.
+     * @param input Input cmd to execute
+     */
+    public abstract void execute(String[] input) throws KrbException;
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kinit/KinitOption.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kinit/KinitOption.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kinit/KinitOption.java
new file mode 100644
index 0000000..f96fa7c
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kinit/KinitOption.java
@@ -0,0 +1,88 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.has.tool.client.kinit;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+import org.apache.kerby.kerberos.kerb.client.KrbOptionGroup;
+
+public enum KinitOption implements KOption {
+    NONE(null),
+
+    CLIENT_PRINCIPAL(new KOptionInfo("client-principal", "Client principal",
+        KrbOptionGroup.KRB, KOptionType.STR)),
+    LIFE_TIME(new KOptionInfo("-l", "lifetime",
+        KrbOptionGroup.KRB, KOptionType.DURATION)),
+    START_TIME(new KOptionInfo("-s", "start time",
+        KrbOptionGroup.KRB, KOptionType.DURATION)),
+    RENEWABLE_LIFE(new KOptionInfo("-r", "renewable lifetime",
+        KrbOptionGroup.KRB, KOptionType.DURATION)),
+    FORWARDABLE(new KOptionInfo("-f", "forwardable",
+        KrbOptionGroup.KDC_FLAGS)),
+    NOT_FORWARDABLE(new KOptionInfo("-F", "not forwardable",
+        KrbOptionGroup.KDC_FLAGS)),
+    PROXIABLE(new KOptionInfo("-p", "proxiable",
+        KrbOptionGroup.KDC_FLAGS)),
+    NOT_PROXIABLE(new KOptionInfo("-P", "not proxiable",
+        KrbOptionGroup.KDC_FLAGS)),
+    RENEW(new KOptionInfo("-R", "renew",
+        KrbOptionGroup.KDC_FLAGS)),
+    USE_PASSWD(new KOptionInfo("using-password", "using password",
+        KrbOptionGroup.KRB)),
+    USER_PASSWD(new KOptionInfo("user-passwd", "User plain password",
+        KrbOptionGroup.KRB)),
+    USE_KEYTAB(new KOptionInfo("-k", "use keytab",
+        KrbOptionGroup.KRB)),
+    USE_DFT_KEYTAB(new KOptionInfo("-i", "use default client keytab (with -k)",
+        KrbOptionGroup.KRB)),
+    KEYTAB_FILE(new KOptionInfo("-t", "filename of keytab to use",
+        KrbOptionGroup.KRB, KOptionType.FILE)),
+    KRB5_CACHE(new KOptionInfo("-c", "Kerberos 5 cache name",
+        KrbOptionGroup.KRB, KOptionType.STR)),
+    SERVICE(new KOptionInfo("-S", "service",
+        KrbOptionGroup.KRB, KOptionType.STR)),
+
+    CONF_DIR(new KOptionInfo("-conf", "conf dir", KrbOptionGroup.KRB, KOptionType.DIR));
+
+    private final KOptionInfo optionInfo;
+
+    KinitOption(KOptionInfo optionInfo) {
+        this.optionInfo = optionInfo;
+    }
+
+    @Override
+    public KOptionInfo getOptionInfo() {
+        return optionInfo;
+    }
+
+    public static KinitOption fromName(String name) {
+        if (name != null) {
+            for (KinitOption ko : values()) {
+                if (ko.optionInfo != null
+                        && ko.optionInfo.getName().equals(name)) {
+                    return ko;
+                }
+            }
+        }
+        return NONE;
+    }
+}
+

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kinit/KinitTool.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kinit/KinitTool.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kinit/KinitTool.java
new file mode 100644
index 0000000..f95fe91
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/kinit/KinitTool.java
@@ -0,0 +1,384 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.has.tool.client.kinit;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionGroup;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.client.KrbKdcOption;
+import org.apache.kerby.kerberos.kerb.client.KrbOption;
+import org.apache.kerby.kerberos.kerb.client.KrbOptionGroup;
+import org.apache.kerby.kerberos.kerb.client.PkinitOption;
+import org.apache.kerby.kerberos.kerb.client.TokenOption;
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
+import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.apache.kerby.util.OSUtil;
+import org.apache.kerby.util.SysUtil;
+
+import java.io.Console;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.Scanner;
+
+/**
+ * kinit like tool
+ *
+ * Ref. MIT kinit command tool usage.
+ */
+public class KinitTool {
+
+    private static final String USAGE = (OSUtil.isWindows()
+            ? "Usage: bin\\kinit.cmd" : "Usage: sh bin/kinit.sh")
+            + " <-conf conf_dir> [-V] [-l lifetime] [-s start_time]\n"
+            + "\t\t[-r renewable_life] [-f | -F] [-p | -P] -n [-a | -A] [-C] [-E]\n"
+            + "\t\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n"
+            + "\t\t[-S service_name] [-T ticket_armor_cache]\n"
+            + "\t\t[-X <attribute>[=<value>]] <principal>\n\n"
+            + "\tDESCRIPTION:\n"
+            + "\t\tkinit obtains and caches an initial ticket-granting ticket for principal.\n\n"
+            + "\tOPTIONS:\n"
+            + "\t\t-V verbose\n"
+            + "\t\t-l lifetime\n"
+            + "\t\t-s start time\n"
+            + "\t\t-r renewable lifetime\n"
+            + "\t\t-f forwardable\n"
+            + "\t\t-F not forwardable\n"
+            + "\t\t-p proxiable\n"
+            + "\t\t-P not proxiable\n"
+            + "\t\t-n anonymous\n"
+            + "\t\t-a include addresses\n"
+            + "\t\t-A do not include addresses\n"
+            + "\t\t-v validate\n"
+            + "\t\t-R renew\n"
+            + "\t\t-C canonicalize\n"
+            + "\t\t-E client is enterprise principal name\n"
+            + "\t\t-k use keytab\n"
+            + "\t\t-i use default client keytab (with -k)\n"
+            + "\t\t-t filename of keytab to use\n"
+            + "\t\t-c Kerberos 5 cache name\n"
+            + "\t\t-S service\n"
+            + "\t\t-T armor credential cache\n"
+            + "\t\t-X <attribute>[=<value>]\n"
+            + "\n";
+
+    private static void printUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(USAGE);
+        System.exit(-1);
+    }
+
+    private static final String KVNO_USAGE = (OSUtil.isWindows()
+        ? "Usage: bin\\kinit.cmd" : "Usage: sh bin/kinit.sh")
+        + " <-conf conf_dir> <-c cachename> <-S service_name>\n\n"
+        + "\tDESCRIPTION:\n"
+        + "\t\tkinit obtains a service ticket for the specified principal and prints out the key version number.\n"
+        + "\n";
+
+    private static void printKvnoUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(KVNO_USAGE);
+        System.exit(-1);
+    }
+
+    /**
+     * Get password for the input principal from console
+     */
+    private static String getPassword(String principal) {
+        Console console = System.console();
+        if (console == null) {
+            System.out.println("Couldn't get Console instance, "
+                    + "maybe you're running this from within an IDE. "
+                    + "Use scanner to read password.");
+            System.out.println("Password for " + principal + ":");
+            try (Scanner scanner = new Scanner(System.in, "UTF-8")) {
+                return scanner.nextLine().trim();
+            }
+        }
+        console.printf("Password for " + principal + ":");
+        char[] passwordChars = console.readPassword();
+        String password = new String(passwordChars).trim();
+        Arrays.fill(passwordChars, ' ');
+
+        return password;
+    }
+
+    private static void requestTicket(String principal, KOptions ktOptions) {
+        ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal);
+
+        File confDir = null;
+        if (ktOptions.contains(KinitOption.CONF_DIR)) {
+            confDir = ktOptions.getDirOption(KinitOption.CONF_DIR);
+        }
+
+        KrbClient krbClient = null;
+        try {
+            krbClient = getClient(confDir);
+        } catch (KrbException e) {
+            System.err.println("Create krbClient failed: " + e.getMessage());
+            System.exit(1);
+        }
+
+        if (ktOptions.contains(KinitOption.RENEW)) {
+            if (ktOptions.contains(KinitOption.KRB5_CACHE)) {
+                String ccName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
+                File ccFile = new File(ccName);
+
+                SgtTicket sgtTicket = null;
+                try {
+                    sgtTicket = krbClient.requestSgt(ccFile, null);
+                } catch (KrbException e) {
+                    System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
+                }
+
+                try {
+                    krbClient.renewTicket(sgtTicket, ccFile);
+                } catch (KrbException e) {
+                    System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
+                }
+
+                System.out.println("Successfully renewed.");
+            }
+            return;
+        }
+
+        if (ktOptions.contains(KinitOption.SERVICE) && ktOptions.contains(KinitOption.KRB5_CACHE)) {
+            String ccName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
+            File ccFile = new File(ccName);
+            if (ccFile.exists()) {
+                System.out.println("Use credential cache to request a service ticket.");
+                String servicePrincipal = ktOptions.getStringOption(KinitOption.SERVICE);
+                SgtTicket sgtTicket = null;
+                try {
+                    sgtTicket = krbClient.requestSgt(ccFile, servicePrincipal);
+                } catch (KrbException e) {
+                    System.err.println("Kinit: get service ticket failed: " + e.getMessage());
+                    System.exit(1);
+                }
+
+                try {
+                    krbClient.storeTicket(sgtTicket, ccFile);
+                } catch (KrbException e) {
+                    System.err.println("Kinit: store ticket failed: " + e.getMessage());
+                    System.exit(1);
+                }
+
+                System.out.println(sgtTicket.getEncKdcRepPart().getSname().getName() + ": knvo = "
+                    + sgtTicket.getTicket().getEncryptedEncPart().getKvno());
+                return;
+            }
+        }
+
+        if (!ktOptions.contains(KinitOption.USE_KEYTAB)) {
+            //If not request tickets by keytab than by password.
+            ktOptions.add(KinitOption.USE_PASSWD);
+            String password = getPassword(principal);
+            ktOptions.add(KinitOption.USER_PASSWD, password);
+        }
+
+        TgtTicket tgt = null;
+        try {
+            tgt = krbClient.requestTgt(convertOptions(ktOptions));
+        } catch (KrbException e) {
+            System.err.println("Authentication failed: " + e.getMessage());
+            System.exit(1);
+        }
+
+        File ccacheFile;
+        if (ktOptions.contains(KinitOption.KRB5_CACHE)) {
+            String ccacheName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
+            ccacheFile = new File(ccacheName);
+        } else {
+            String ccacheName = getCcacheName(krbClient);
+            ccacheFile = new File(ccacheName);
+        }
+
+        try {
+            krbClient.storeTicket(tgt, ccacheFile);
+        } catch (KrbException e) {
+            System.err.println("Store ticket failed: " + e.getMessage());
+            System.exit(1);
+        }
+
+        System.out.println("Successfully requested and stored ticket in "
+            + ccacheFile.getAbsolutePath());
+
+        if (ktOptions.contains(KinitOption.SERVICE)) {
+            System.out.println("Use tgt to request a service ticket.");
+            String servicePrincipal = ktOptions.getStringOption(KinitOption.SERVICE);
+            SgtTicket sgtTicket;
+            try {
+                sgtTicket = krbClient.requestSgt(tgt, servicePrincipal);
+            } catch (KrbException e) {
+                System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
+                return;
+            }
+
+            System.out.println(sgtTicket.getEncKdcRepPart().getSname().getName() + ": knvo = "
+                + sgtTicket.getTicket().getEncryptedEncPart().getKvno());
+        }
+    }
+
+    /**
+     * Init the client.
+     */
+    private static KrbClient getClient(File confDir) throws KrbException {
+        KrbClient krbClient;
+
+        if (confDir != null) {
+            krbClient = new KrbClient(confDir);
+        } else {
+            krbClient = new KrbClient();
+        }
+
+        krbClient.init();
+        return krbClient;
+    }
+
+    /**
+     * Get credential cache file name if not specified.
+     */
+    private static String getCcacheName(KrbClient krbClient) {
+        final String ccacheNameEnv = System.getenv("KRB5CCNAME");
+        final String ccacheNameConf = krbClient.getSetting().getKrbConfig().getString("default_ccache_name");
+        String ccacheName;
+        if (ccacheNameEnv != null) {
+            ccacheName = ccacheNameEnv;
+        } else if (ccacheNameConf != null) {
+            ccacheName = ccacheNameConf;
+        } else {
+            StringBuilder uid = new StringBuilder();
+            try {
+                //Get UID through "id -u" command
+                String command = "id -u";
+                Process child = Runtime.getRuntime().exec(command);
+                InputStream in = child.getInputStream();
+                int c;
+                while ((c = in.read()) != -1) {
+                    uid.append((char) c);
+                }
+                in.close();
+            } catch (IOException e) {
+                System.err.println("Failed to get UID.");
+                System.exit(1);
+            }
+            ccacheName = "krb5cc_" + uid.toString().trim();
+            ccacheName = SysUtil.getTempDir().toString() + "/" + ccacheName;
+        }
+
+        return ccacheName;
+    }
+
+    public static void main(String[] args) {
+        KOptions ktOptions = new KOptions();
+        KinitOption kto;
+        String principal = null;
+
+        int i = 0;
+        String opt, param, error;
+        while (i < args.length) {
+            error = null;
+
+            opt = args[i++];
+            if (opt.startsWith("-")) {
+                kto = KinitOption.fromName(opt);
+                if (kto == KinitOption.NONE) {
+                    error = "Invalid option:" + opt;
+                    System.err.println(error);
+                    break;
+                }
+            } else {
+                principal = opt;
+                kto = KinitOption.NONE;
+            }
+
+            if (kto != KinitOption.NONE && kto.getOptionInfo().getType() != KOptionType.NOV) {
+                // require a parameter
+                param = null;
+                if (i < args.length) {
+                    param = args[i++];
+                }
+                if (param != null) {
+                    KOptions.parseSetValue(kto.getOptionInfo(), param);
+                } else {
+                    error = "Option " + opt + " require a parameter";
+                }
+            }
+
+            if (error != null) {
+                printUsage(error);
+            }
+            if (kto != KinitOption.NONE) {
+                ktOptions.add(kto);
+            }
+        }
+
+        if (!ktOptions.contains(KinitOption.CONF_DIR)) {
+            printUsage("No conf dir given.");
+        }
+
+        if (principal == null) {
+            if (!ktOptions.contains(KinitOption.SERVICE) && !ktOptions.contains(KinitOption.KRB5_CACHE)) {
+                printUsage("No principal is specified");
+            } else if (ktOptions.contains(KinitOption.SERVICE) && !ktOptions.contains(KinitOption.KRB5_CACHE)) {
+                printKvnoUsage("No credential cache file given.");
+            }
+        }
+
+        requestTicket(principal, ktOptions);
+        System.exit(0);
+    }
+
+    /**
+     * Convert kinit tool options to KOptions.
+     * @param toolOptions
+     * @return KOptions
+     */
+    static KOptions convertOptions(KOptions toolOptions) {
+        KOptions results = new KOptions();
+
+        for (KOption toolOpt : toolOptions.getOptions()) {
+            KOptionInfo kOptionInfo = toolOpt.getOptionInfo();
+            KOptionGroup group = kOptionInfo.getGroup();
+            KOption kOpt = null;
+
+            if (group == KrbOptionGroup.KRB) {
+                kOpt = KrbOption.fromOptionName(kOptionInfo.getName());
+            } else if (group == KrbOptionGroup.PKINIT) {
+                kOpt = PkinitOption.fromOptionName(kOptionInfo.getName());
+            } else if (group == KrbOptionGroup.TOKEN) {
+                kOpt = TokenOption.fromOptionName(kOptionInfo.getName());
+            } else if (group == KrbOptionGroup.KDC_FLAGS) {
+                kOpt = KrbKdcOption.fromOptionName(kOptionInfo.getName());
+            }
+            if (kOpt != null && kOpt.getOptionInfo() != KrbOption.NONE.getOptionInfo()) {
+                kOpt.getOptionInfo().setValue(toolOpt.getOptionInfo().getValue());
+                results.add(kOpt);
+            }
+        }
+
+        return results;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/klist/KlistOption.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/klist/KlistOption.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/klist/KlistOption.java
new file mode 100644
index 0000000..b43ddea
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/klist/KlistOption.java
@@ -0,0 +1,66 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.klist;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+
+public enum KlistOption implements KOption {
+    NONE(null),
+    CREDENTIALS_CACHE(new KOptionInfo("-c", "specifies path of credentials cache",
+        KOptionType.STR)),
+    KEYTAB(new KOptionInfo("-k", "specifies keytab")),
+    DEFAULT_CLIENT_KEYTAB(new KOptionInfo("-i", "uses default client keytab if no name given")),
+    LIST_CREDENTIAL_CACHES(new KOptionInfo("-l", "list credential caches in collection")),
+    ALL_CREDENTIAL_CACHES(new KOptionInfo("-A", "shows content of all credential caches")),
+    ENCRYPTION_TYPE(new KOptionInfo("-e", "shows encryption type")),
+    KERBEROS_VERSION(new KOptionInfo("-V", "shows Kerberos version")),
+    AUTHORIZATION_DATA_TYPE(new KOptionInfo("-d", "shows the submitted authorization data type")),
+    CREDENTIALS_FLAGS(new KOptionInfo("-f", "show credential flags")),
+    EXIT_TGT_EXISTENCE(new KOptionInfo("-s", "sets exit status based on valid tgt existence")),
+    DISPL_ADDRESS_LIST(new KOptionInfo("-a", "displays the address list")),
+    NO_REVERSE_RESOLVE(new KOptionInfo("-n", "do not reverse resolve")),
+    SHOW_KTAB_ENTRY_TS(new KOptionInfo("-t", "shows keytab entry timestamps")),
+    SHOW_KTAB_ENTRY_KEY(new KOptionInfo("-K", "show keytab entry keys"));
+
+    private final KOptionInfo optionInfo;
+
+    KlistOption(KOptionInfo optionInfo) {
+        this.optionInfo = optionInfo;
+    }
+
+    @Override
+    public KOptionInfo getOptionInfo() {
+        return optionInfo;
+    }
+
+    public static KlistOption fromName(String name) {
+        if (name != null) {
+            for (KlistOption ko : values()) {
+                if (ko.optionInfo != null
+                        && ko.optionInfo.getName().equals(name)) {
+                    return ko;
+                }
+            }
+        }
+        return NONE;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/klist/KlistTool.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/klist/KlistTool.java b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/klist/KlistTool.java
new file mode 100644
index 0000000..64f3315
--- /dev/null
+++ b/has/has-tool/has-client-tool/src/main/java/org/apache/kerby/has/tool/client/klist/KlistTool.java
@@ -0,0 +1,293 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.has.tool.client.klist;
+
+import org.apache.kerby.KOptionType;
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.ccache.Credential;
+import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.apache.kerby.util.HexUtil;
+import org.apache.kerby.util.OSUtil;
+import org.apache.kerby.util.SysUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * klist like tool
+ *
+ * Ref. MIT klist command tool usage.
+ */
+public class KlistTool {
+    private static final Logger LOG = LoggerFactory.getLogger(KlistTool.class);
+
+    private static final String USAGE = (OSUtil.isWindows()
+        ? "Usage: bin\\klist.cmd" : "Usage: sh bin/klist.sh")
+            + " [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] "
+            + "[-a [-n]]] [-k [-t] [-K]] [name]\n"
+            + "\t-c specifies credentials cache\n"
+            + "\t-k specifies keytab\n"
+            + "\t   (Default is credentials cache)\n"
+            + "\t-i uses default client keytab if no name given\n"
+            + "\t-l lists credential caches in collection\n"
+            + "\t-A shows content of all credential caches\n"
+            + "\t-e shows the encryption type\n"
+            + "\t-V shows the Kerberos version and exits\n"
+            + "\toptions for credential caches:\n"
+            + "\t\t-d shows the submitted authorization data types\n"
+            + "\t\t-f shows credentials flags\n"
+            + "\t\t-s sets exit status based on valid tgt existence\n"
+            + "\t\t-a displays the address list\n"
+            + "\t\t\t-n do not reverse-resolve\n"
+            + "\toptions for keytabs:\n"
+            + "\t\t-t shows keytab entry timestamps\n"
+            + "\t\t-K shows keytab entry keys\n";
+
+    // option "-k" hava a optional parameter, "/etc/krb5.keytab" if not specified
+    private static String keytabFilePath = null;
+
+    private static void printUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(USAGE);
+        System.exit(-1);
+    }
+
+    private static int printCredentialCacheInfo(KOptions klOptions) {
+        CredentialCache cc = new CredentialCache();
+        List<Credential> credentials;
+        InputStream cis = null;
+        String fileName;
+
+        if (!klOptions.contains(KlistOption.CREDENTIALS_CACHE)) {
+            fileName = getCcacheName();
+        } else {
+            fileName = klOptions.getStringOption(KlistOption.CREDENTIALS_CACHE);
+        }
+        try {
+            cis = Files.newInputStream(Paths.get(fileName));
+            cc.load(cis);
+        } catch (IOException e) {
+            LOG.error("Failed to open CredentialCache from file: " + fileName + ". " + e.toString());
+        } finally {
+            try {
+                if (cis != null) {
+                    cis.close();
+                }
+            } catch (IOException e) {
+                LOG.warn("Fail to close input stream. " + e);
+            }
+        }
+
+        if (cc != null) {
+            credentials = cc.getCredentials();
+
+            System.out.println("Ticket cache: " + fileName);
+            System.out.println("Default principal: " + cc.getPrimaryPrincipal().getName());
+
+            if (credentials.isEmpty()) {
+                System.out.println("No credential has been cached.");
+            } else {
+                DateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+
+                System.out.println("Valid starting\t\tExpires\t\t\tService principal");
+
+                for (Credential crd : credentials) {
+                    System.out.println(df.format(crd.getStartTime().getTime()) + "\t"
+                        + df.format(crd.getEndTime().getTime()) + "\t"
+                        + crd.getServerName() + "\n"
+                        + "\t" + "renew until" + "\t" + df.format(crd.getRenewTill().getTime()));
+                }
+            }
+        }
+
+        return 0;
+    }
+
+    /**
+     * Get credential cache file name if not specified.
+     */
+    private static String getCcacheName() {
+        String ccacheName;
+        String ccacheNameEnv = System.getenv("KRB5CCNAME");
+        String ccacheNameConf = null;
+        File confDir = new File("/etc");
+        try {
+            KrbClient krbClient = new KrbClient(confDir);
+            ccacheNameConf = krbClient.getSetting().getKrbConfig().getString("default_ccache_name");
+        } catch (KrbException e) {
+            System.err.println("Create krbClient failed: " + e.getMessage());
+            System.exit(1);
+        }
+        if (ccacheNameEnv != null) {
+            ccacheName = ccacheNameEnv;
+        } else if (ccacheNameConf != null) {
+            ccacheName = ccacheNameConf;
+        } else {
+            StringBuilder uid = new StringBuilder();
+            try {
+                //Get UID through "id -u" command
+                String command = "id -u";
+                Process child = Runtime.getRuntime().exec(command);
+                InputStream in = child.getInputStream();
+                int c;
+                while ((c = in.read()) != -1) {
+                    uid.append((char) c);
+                }
+                in.close();
+            } catch (IOException e) {
+                System.err.println("Failed to get UID.");
+                System.exit(1);
+            }
+            ccacheName = "krb5cc_" + uid.toString().trim();
+            ccacheName = SysUtil.getTempDir().toString() + "/" + ccacheName;
+        }
+
+        return ccacheName;
+    }
+
+    private static int printKeytabInfo(KOptions klOptions) {
+        String[] header = new String[4];
+        header[0] = "KVNO Principal\n"
+                + "---- --------------------------------------------------------------------------";
+        header[1] = header[0];
+        header[2] = "KVNO Timestamp           Principal\n"
+                + "---- ------------------- ------------------------------------------------------";
+        header[3] = header[2];
+        int outputIndex = 0;
+        if (klOptions.contains(KlistOption.SHOW_KTAB_ENTRY_TS)) {
+            outputIndex |= 2;
+        }
+        if (klOptions.contains(KlistOption.SHOW_KTAB_ENTRY_KEY)) {
+            outputIndex |= 1;
+        }
+        System.out.println("Keytab name: FILE:" + keytabFilePath);
+        try {
+            File keytabFile = new File(keytabFilePath);
+            if (!keytabFile.exists()) {
+                System.out.println("klist: Key table file '" + keytabFilePath + "' not found. ");
+                return 0;
+            }
+            System.out.println(header[outputIndex]);
+            SimpleDateFormat format = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss");
+            Keytab keytab = Keytab.loadKeytab(keytabFile);
+            List<PrincipalName> principals = keytab.getPrincipals();
+            for (PrincipalName principal : principals) {
+                List<KeytabEntry> keytabEntries = keytab.getKeytabEntries(principal);
+                for (KeytabEntry entry : keytabEntries) {
+                    StringBuilder sb = new StringBuilder();
+                    sb.append(String.format("%-4d ", entry.getKvno()));
+                    if ((outputIndex & 2) != 0) {
+                        Date date = new Date(entry.getTimestamp().getTime());
+                        sb.append(format.format(date));
+                        sb.append(' ');
+                    }
+                    sb.append(String.format("%s ", principal.getName()));
+                    if ((outputIndex & 1) != 0) {
+                        sb.append("(0x");
+                        sb.append(HexUtil.bytesToHex(entry.getKey().getKeyData()));
+                        sb.append(")");
+                    }
+                    System.out.println(sb);
+                }
+            }
+
+        } catch (IOException e) {
+            System.err.println("klist: Error while scan key table file '" + keytabFilePath + "'");
+        }
+        return 0;
+    }
+
+    private static int printInfo(KOptions klOptions) {
+        if (klOptions.contains(KlistOption.KEYTAB)) {
+            return printKeytabInfo(klOptions);
+        }
+        return printCredentialCacheInfo(klOptions);
+    }
+
+    public static void main(String[] args) throws Exception {
+        KOptions klOptions = new KOptions();
+        KlistOption klopt;
+        // String name = null;
+
+        int i = 0;
+        String opt, value, error;
+        while (i < args.length) {
+            error = null;
+            opt = args[i++];
+
+            if (opt.startsWith("-")) {
+                klopt = KlistOption.fromName(opt);
+                if (klopt == KlistOption.NONE) {
+                    error = "Invalid option:" + opt;
+                }
+            } else {
+                if (keytabFilePath == null && klOptions.contains(KlistOption.KEYTAB)) {
+                    keytabFilePath = opt;
+                }
+                break;
+            }
+
+            if (error == null && klopt.getOptionInfo().getType() != KOptionType.NOV) {
+                //needs value for this parameter
+                value = null;
+                if (i < args.length) {
+                    value = args[i++];
+                }
+                if (value != null) {
+                    KOptions.parseSetValue(klopt.getOptionInfo(), value);
+                } else {
+                    error = "Option" + klopt + "requires a following value";
+                }
+            }
+
+            if (error != null) {
+                printUsage(error);
+            }
+
+            klOptions.add(klopt);
+            if (klOptions.contains(KlistOption.KEYTAB)
+                && klOptions.contains(KlistOption.CREDENTIALS_CACHE)) {
+                error = "Can not use '-c' and '-k' at the same time ";
+                printUsage(error);
+            }
+        }
+
+        if (keytabFilePath == null) {
+            keytabFilePath = "/etc/krb5.keytab";
+        }
+
+        int errNo = KlistTool.printInfo(klOptions);
+        System.exit(errNo);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-server-tool/pom.xml
----------------------------------------------------------------------
diff --git a/has/has-tool/has-server-tool/pom.xml b/has/has-tool/has-server-tool/pom.xml
index 426eacf..0f634a6 100644
--- a/has/has-tool/has-server-tool/pom.xml
+++ b/has/has-tool/has-server-tool/pom.xml
@@ -4,7 +4,7 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <parent>
         <artifactId>has-tool</artifactId>
-        <groupId>org.apache.hadoop</groupId>
+        <groupId>org.apache.kerby</groupId>
         <version>1.0.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
@@ -13,12 +13,12 @@
 
     <dependencies>
       <dependency>
-        <groupId>org.apache.hadoop</groupId>
+        <groupId>org.apache.kerby</groupId>
         <artifactId>has-server</artifactId>
         <version>${project.version}</version>
       </dependency>
       <dependency>
-        <groupId>org.apache.hadoop</groupId>
+        <groupId>org.apache.kerby</groupId>
         <artifactId>has-plugins</artifactId>
         <version>${project.version}</version>
       </dependency>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b1c28f/has/has-tool/has-server-tool/src/main/java/org/apache/hadoop/has/tool/server/hadmin/local/HadminLocalTool.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-server-tool/src/main/java/org/apache/hadoop/has/tool/server/hadmin/local/HadminLocalTool.java b/has/has-tool/has-server-tool/src/main/java/org/apache/hadoop/has/tool/server/hadmin/local/HadminLocalTool.java
deleted file mode 100644
index 647ad4e..0000000
--- a/has/has-tool/has-server-tool/src/main/java/org/apache/hadoop/has/tool/server/hadmin/local/HadminLocalTool.java
+++ /dev/null
@@ -1,265 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.hadoop.has.tool.server.hadmin.local;
-
-import org.apache.hadoop.has.common.HasException;
-import org.apache.hadoop.has.server.admin.LocalHasAdmin;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.AddPrincipalCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.AddPrincipalsCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.DeletePrincipalCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.DisableConfigureCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.EnableConfigureCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.ExportKeytabsCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.GetHostRolesCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.GetPrincipalCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.HadminCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.KeytabAddCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.ListPrincipalsCmd;
-import org.apache.hadoop.has.tool.server.hadmin.local.cmd.RenamePrincipalCmd;
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
-import org.apache.kerby.kerberos.tool.kadmin.AuthUtil;
-import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
-import org.apache.kerby.util.OSUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.login.LoginException;
-import java.io.File;
-import java.security.Principal;
-import java.util.Map;
-import java.util.Scanner;
-import java.util.Set;
-
-/**
- * Ref. MIT kadmin cmd tool usage.
- */
-public class HadminLocalTool {
-    private static final Logger LOG = LoggerFactory.getLogger(HadminLocalTool.class);
-    private static File confDir;
-
-    private static final String PROMPT = HadminLocalTool.class.getSimpleName() + ".local";
-    private static  final String USAGE = (OSUtil.isWindows()
-            ? "Usage: bin\\hadmin-local.cmd" : "Usage: sh bin/kadmin-local.sh")
-            + " <conf-dir> <-c cache_name>|<-k keytab>\n"
-            + "\tExample:\n"
-            + "\t\t"
-            + (OSUtil.isWindows()
-            ? "bin\\hadmin-local.cmd" : "sh bin/hadmin-local.sh")
-            + " conf -k admin.keytab\n";
-
-    private static void printUsage(String error) {
-        System.err.println(error + "\n");
-        System.err.println(USAGE);
-        System.exit(-1);
-    }
-
-    private static final String LEGAL_COMMANDS = "Available commands are: "
-        + "\n"
-        + "add_principal, addprinc\n"
-        + "                         Add principal\n"
-        + "delete_principal, delprinc\n"
-        + "                         Delete principal\n"
-        + "rename_principal, renprinc\n"
-        + "                         Rename principal\n"
-        + "get_principal, getprinc\n"
-        + "                         Get principal\n"
-        + "list_principals, listprincs\n"
-        + "                         List principals\n"
-        + "ktadd, xst\n"
-        + "                         Add entry(s) to a keytab\n"
-        + "get_hostroles, hostroles\n"
-        + "                         Get hostRoles\n"
-        + "export_keytabs, expkeytabs\n"
-        + "                         Export keytabs\n"
-        + "create_principals, creprincs\n"
-        + "                         Create principals\n"
-        + "enable_configure, enable\n"
-        + "                         Enable configure\n"
-        + "disable_configure, disable\n"
-        + "                         Disable configure\n";
-
-    private static void execute(LocalHasAdmin hadmin, String input) throws HasException {
-        // Omit the leading and trailing whitespace.
-        input = input.trim();
-        if (input.startsWith("cmd")) {
-            System.out.println(LEGAL_COMMANDS);
-            return;
-        }
-
-        String[] items = input.split("\\s+");
-        String cmd = items[0];
-        HadminCmd executor;
-        if (cmd.startsWith("add_principal")
-            || cmd.startsWith("addprinc")) {
-            executor = new AddPrincipalCmd(hadmin);
-        } else if (cmd.startsWith("delete_principal")
-            || cmd.startsWith("delprinc")) {
-            executor = new DeletePrincipalCmd(hadmin);
-        } else if (cmd.startsWith("rename_principal")
-            || cmd.startsWith("renprinc")) {
-            executor = new RenamePrincipalCmd(hadmin);
-        } else if (cmd.startsWith("list_principals")
-            || cmd.startsWith("listprincs")) {
-            executor = new ListPrincipalsCmd(hadmin);
-        } else if (cmd.startsWith("ktadd")
-            || cmd.startsWith("xst")) {
-            executor = new KeytabAddCmd(hadmin);
-        } else if (cmd.startsWith("get_hostroles")
-            || cmd.startsWith("hostroles")) {
-            executor = new GetHostRolesCmd(hadmin);
-        } else if (cmd.startsWith("create_principals")
-            || cmd.startsWith("creprincs")) {
-            executor = new AddPrincipalsCmd(hadmin);
-        } else if (cmd.startsWith("export_keytabs")
-            || cmd.startsWith("expkeytabs")) {
-            executor = new ExportKeytabsCmd(hadmin);
-        } else if (cmd.startsWith("enable_configure")
-            || cmd.startsWith("enable")) {
-            executor = new EnableConfigureCmd(hadmin);
-        } else if (cmd.startsWith("disable_configure")
-            || cmd.startsWith("disable")) {
-            executor = new DisableConfigureCmd(hadmin);
-        }  else if (cmd.startsWith("get_principal")
-            || cmd.startsWith("getprinc")) {
-            executor = new GetPrincipalCmd(hadmin);
-        } else {
-            System.out.println(LEGAL_COMMANDS);
-            return;
-        }
-        executor.execute(items);
-    }
-
-    private static File getConfDir(String[] args) {
-        String envDir;
-        confDir = new File(args[0]);
-        if (confDir == null || !confDir.exists()) {
-            try {
-                Map<String, String> mapEnv = System.getenv();
-                envDir = mapEnv.get("KRB5_KDC_DIR");
-            } catch (SecurityException e) {
-                envDir = null;
-            }
-            if (envDir != null) {
-                confDir = new File(envDir);
-            } else {
-                confDir = new File("/etc/kerby/"); // for Linux. TODO: fix for Win etc.
-            }
-
-            if (!confDir.exists()) {
-                throw new RuntimeException("Can not locate KDC backend directory "
-                        + confDir.getAbsolutePath());
-            }
-        }
-        LOG.info("Conf dir:" + confDir.getAbsolutePath());
-        return confDir;
-    }
-
-    public static void main(String[] args) {
-
-        if (args.length < 2) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        LocalHasAdmin hadmin;
-        try {
-            hadmin = new LocalHasAdmin(getConfDir(args));
-        } catch (KrbException e) {
-            System.err.println("Failed to init HasAdmin due to " + e.getMessage());
-            return;
-        }
-
-        KOptions kOptions = ToolUtil.parseOptions(args, 1, args.length - 1);
-        if (kOptions == null) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        String hadminPrincipal = hadmin.getHadminPrincipal();
-        Subject subject = null;
-        if (kOptions.contains(KadminOption.CCACHE)) {
-            File ccFile = kOptions.getFileOption(KadminOption.CCACHE);
-            if (ccFile == null || !ccFile.exists()) {
-                printUsage("Need the valid credentials cache file.");
-                return;
-            }
-            try {
-                subject = AuthUtil.loginUsingTicketCache(hadminPrincipal, ccFile);
-            } catch (LoginException e) {
-                System.err.println("Could not login with: " + hadminPrincipal
-                    + e.getMessage());
-                return;
-            }
-        } else if (kOptions.contains(KadminOption.K)) {
-            File keyTabFile = new File(kOptions.getStringOption(KadminOption.K));
-            if (keyTabFile == null || !keyTabFile.exists()) {
-                printUsage("Need the valid keytab file.");
-                return;
-            }
-            try {
-                subject = AuthUtil.loginUsingKeytab(hadminPrincipal, keyTabFile);
-            } catch (LoginException e) {
-                System.err.println("Could not login with: " + hadminPrincipal
-                    + e.getMessage());
-                return;
-            }
-        } else {
-            printUsage("No credentials cache file or keytab file for authentication.");
-        }
-        if (subject != null) {
-            Principal adminPrincipal = new KerberosPrincipal(hadminPrincipal);
-            Set<Principal> princSet = subject.getPrincipals();
-            if (princSet == null || princSet.isEmpty()) {
-                printUsage("The principals in subject is empty.");
-                return;
-            }
-            if (princSet.contains(adminPrincipal)) {
-                System.out.println("Login successful for user: " + hadminPrincipal);
-            } else {
-                printUsage("Login failure for " + hadminPrincipal);
-                return;
-            }
-        } else {
-            printUsage("The subject is null, login failure for " + hadminPrincipal);
-            return;
-        }
-        System.out.println("enter \"cmd\" to see legal commands.");
-        System.out.print(PROMPT + ": ");
-
-        try (Scanner scanner = new Scanner(System.in, "UTF-8")) {
-            String input = scanner.nextLine();
-
-            while (!(input.equals("quit") || input.equals("exit")
-                    || input.equals("q"))) {
-                try {
-                    execute(hadmin, input);
-                } catch (HasException e) {
-                    System.err.println(e.getMessage());
-                }
-                System.out.print(PROMPT + ": ");
-                input = scanner.nextLine();
-            }
-        }
-    }
-}


Mime
View raw message