I've been working on what is, in essence, the Kerberos kvno tool (except our Java code verifies that the slaves are synchronized to the master) and have been fighting against a problem that I believes underlies the -S option of KinitTool.java.
When you request a TGT, you can add a server name (principal) which should be of type "Service and Instance (2)". Currently, the client's requestTgtWithOptions() method doesn't seem to support either the SERVICE_PRINCIPAL or SERVER_PRINCIPAL options. I'm looking into why. Looking at Wireshark, I think it's just not implemented in the client library code. Regardless of the values passed, the server name remains the (default) krbtgt@<DOMAIN>. I'll submit a patch once I get the client's TGT request working. Steve -- “The mark of the immature man is that he wants to die nobly for a cause, while the mark of the mature man is that he wants to live humbly for one.” - Wilhelm Stekel ----- Original Message ----- From: "Xu Yaning (JIRA)" <[email protected]> To: [email protected] Sent: Tuesday, November 3, 2015 7:28:27 AM Subject: [jira] [Created] (DIRKRB-440) Enhance Kinit to request a service ticket Xu Yaning created DIRKRB-440: -------------------------------- Summary: Enhance Kinit to request a service ticket Key: DIRKRB-440 URL: https://issues.apache.org/jira/browse/DIRKRB-440 Project: Directory Kerberos Issue Type: New Feature Reporter: Xu Yaning In the USAGE of {{KinitTool.java}}, it supports parameter "-S service_name" to enable the user to request a service ticket. It just need to be implemented. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
