Hi Jiajia, Just a reminder that you need to git cherry-pick this merge on the 1.0.x-fixes branch as well..
Thanks, Colm. On Tue, Aug 1, 2017 at 5:51 AM, <[email protected]> wrote: > Repository: directory-kerby > Updated Branches: > refs/heads/trunk f8f95ab14 -> 05be35035 > > > DIRKRB-640 mplement renew ticket in kinit tool. > > > Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo > Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/ > commit/05be3503 > Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/05be3503 > Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/05be3503 > > Branch: refs/heads/trunk > Commit: 05be350353af3d2dad957314c9e82adc27674bff > Parents: f8f95ab > Author: plusplusjiajia <[email protected]> > Authored: Tue Aug 1 12:51:27 2017 +0800 > Committer: plusplusjiajia <[email protected]> > Committed: Tue Aug 1 12:51:27 2017 +0800 > > ---------------------------------------------------------------------- > .../kerberos/kerb/client/KrbClientBase.java | 96 ++++++++++++++++++++ > .../kerb/client/request/ArmoredRequest.java | 2 +- > .../kerberos/kerb/client/request/AsRequest.java | 2 +- > .../kerb/client/request/AsRequestWithCert.java | 2 +- > .../kerb/client/request/KdcRequest.java | 21 +++-- > .../kerb/client/request/TgsRequest.java | 4 +- > .../kerb/client/request/TgsRequestWithTgt.java | 8 +- > .../kerberos/kerb/type/ticket/SgtTicket.java | 11 +++ > .../kerberos/kerb/ccache/CredentialCache.java | 7 ++ > .../kerby/kerberos/tool/kinit/KinitTool.java | 58 +++++++++--- > 10 files changed, 182 insertions(+), 29 deletions(-) > ---------------------------------------------------------------------- > > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/ > apache/kerby/kerberos/kerb/client/KrbClientBase.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/KrbClientBase.java b/kerby-kerb/kerb-client/src/ > main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java > index 959f38b..d05fee2 100644 > --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/KrbClientBase.java > +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/KrbClientBase.java > @@ -21,9 +21,11 @@ package org.apache.kerby.kerberos.kerb.client; > > import org.apache.kerby.KOptions; > import org.apache.kerby.kerberos.kerb.KrbException; > +import org.apache.kerby.kerberos.kerb.ccache.Credential; > import org.apache.kerby.kerberos.kerb.ccache.CredentialCache; > import org.apache.kerby.kerberos.kerb.client.impl. > DefaultInternalKrbClient; > import org.apache.kerby.kerberos.kerb.client.impl.InternalKrbClient; > +import org.apache.kerby.kerberos.kerb.type.kdc.EncAsRepPart; > import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket; > import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket; > import org.slf4j.Logger; > @@ -211,6 +213,27 @@ public class KrbClientBase { > } > > /** > + * Request a service ticket > + * @param ccFile The credential cache file > + * @return service ticket > + * @throws KrbException e > + */ > + public SgtTicket requestSgt(File ccFile) throws KrbException { > + Credential credential = getCredentialFromFile(ccFile); > + String servicePrincipal = credential. > getServicePrincipal().getName(); > + TgtTicket tgt = getTgtTicketFromCredential(credential); > + > + KOptions requestOptions = new KOptions(); > + requestOptions.add(KrbKdcOption.RENEW); > + requestOptions.add(KrbOption.USE_TGT, tgt); > + requestOptions.add(KrbOption.SERVER_PRINCIPAL, servicePrincipal); > + SgtTicket sgtTicket = innerClient.requestSgt(requestOptions); > + sgtTicket.setClientPrincipal(tgt.getClientPrincipal()); > + return sgtTicket; > + } > + > + > + /** > * Store tgt into the specified credential cache file. > * @param tgtTicket The tgt ticket > * @param ccacheFile The credential cache file > @@ -248,4 +271,77 @@ public class KrbClientBase { > + "not exist or writable: " + > ccacheFile.getAbsolutePath()); > } > } > + > + /** > + * Store sgt into the specified credential cache file. > + * @param sgtTicket The sgt ticket > + * @param ccacheFile The credential cache file > + * @throws KrbException e > + */ > + public void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws > KrbException { > + LOG.info("Storing the sgt to the credential cache file."); > + if (!ccacheFile.exists()) { > + try { > + if (!ccacheFile.createNewFile()) { > + throw new KrbException("Failed to create ccache file " > + + ccacheFile.getAbsolutePath()); > + } > + // sets read-write permissions to owner only > + ccacheFile.setReadable(false, false); > + ccacheFile.setReadable(true, true); > + if (!ccacheFile.setWritable(true, true)) { > + throw new KrbException("Cache file is not readable."); > + } > + } catch (IOException e) { > + throw new KrbException("Failed to create ccache file " > + + ccacheFile.getAbsolutePath(), e); > + } > + } > + if (ccacheFile.exists() && ccacheFile.canWrite()) { > + CredentialCache cCache = new CredentialCache(sgtTicket); > + try { > + cCache.store(ccacheFile); > + } catch (IOException e) { > + throw new KrbException("Failed to store tgt", e); > + } > + } else { > + throw new IllegalArgumentException("Invalid ccache file, " > + + "not exist or writable: " + > ccacheFile.getAbsolutePath()); > + } > + } > + > + public TgtTicket getTgtTicketFromCredential(Credential cc) { > + EncAsRepPart encAsRepPart = new EncAsRepPart(); > + encAsRepPart.setAuthTime(cc.getAuthTime()); > + encAsRepPart.setCaddr(cc.getClientAddresses()); > + encAsRepPart.setEndTime(cc.getEndTime()); > + encAsRepPart.setFlags(cc.getTicketFlags()); > + encAsRepPart.setKey(cc.getKey()); > +// encAsRepPart.setKeyExpiration(); > +// encAsRepPart.setLastReq(); > +// encAsRepPart.setNonce(); > + encAsRepPart.setRenewTill(cc.getRenewTill()); > + encAsRepPart.setSname(cc.getServerName()); > + encAsRepPart.setSrealm(cc.getServerName().getRealm()); > + encAsRepPart.setStartTime(cc.getStartTime()); > + TgtTicket tgtTicket = new TgtTicket(cc.getTicket(), encAsRepPart, > cc.getClientName()); > + return tgtTicket; > + } > + > + public Credential getCredentialFromFile(File ccFile) throws > KrbException { > + CredentialCache cc; > + try { > + cc = resolveCredCache(ccFile); > + } catch (IOException e) { > + throw new KrbException("Failed to load armor cache file"); > + } > + return cc.getCredentials().iterator().next(); > + } > + > + public CredentialCache resolveCredCache(File ccacheFile) throws > IOException { > + CredentialCache cc = new CredentialCache(); > + cc.load(ccacheFile); > + > + return cc; > + } > } > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/ > apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/ArmoredRequest.java > b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/ArmoredRequest.java > index a052518..b7113a5 100644 > --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/ArmoredRequest.java > +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/ArmoredRequest.java > @@ -233,7 +233,7 @@ public class ArmoredRequest { > authenticator.setCusec(0); > authenticator.setSubKey(subKey); > > - KdcReqBody reqBody = kdcRequest.getReqBody(); > + KdcReqBody reqBody = kdcRequest.getReqBody(null); > CheckSum checksum = CheckSumUtil.seal(reqBody, null, > subKey, KeyUsage.TGS_REQ_AUTH_CKSUM); > authenticator.setCksum(checksum); > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/ > apache/kerby/kerberos/kerb/client/request/AsRequest.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/AsRequest.java b/kerby-kerb/kerb-client/src/ > main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java > index 7f35d87..d72d46c 100644 > --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/AsRequest.java > +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/AsRequest.java > @@ -74,7 +74,7 @@ public class AsRequest extends KdcRequest { > public void process() throws KrbException { > super.process(); > > - KdcReqBody body = getReqBody(); > + KdcReqBody body = getReqBody(null); > > AsReq asReq = new AsReq(); > asReq.setReqBody(body); > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/ > apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/AsRequestWithCert.java > b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/AsRequestWithCert.java > index a1f1725..fae5c80 100644 > --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/AsRequestWithCert.java > +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/AsRequestWithCert.java > @@ -43,7 +43,7 @@ public class AsRequestWithCert extends AsRequest { > > @Override > public void process() throws KrbException { > - KdcReqBody body = getReqBody(); > + KdcReqBody body = getReqBody(null); > AsReq asReq = new AsReq(); > asReq.setReqBody(body); > setKdcReq(asReq); > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/ > apache/kerby/kerberos/kerb/client/request/KdcRequest.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/KdcRequest.java b/kerby-kerb/kerb-client/src/ > main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java > index 8b88097..7c241ab 100644 > --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/KdcRequest.java > +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/KdcRequest.java > @@ -158,9 +158,9 @@ public abstract class KdcRequest { > this.kdcReq = kdcReq; > } > > - protected KdcReqBody getReqBody() throws KrbException { > + protected KdcReqBody getReqBody(KerberosTime renewTill) throws > KrbException { > if (reqBody == null) { > - reqBody = makeReqBody(); > + reqBody = makeReqBody(renewTill); > } > > return reqBody; > @@ -174,7 +174,7 @@ public abstract class KdcRequest { > this.kdcRep = kdcRep; > } > > - protected KdcReqBody makeReqBody() throws KrbException { > + protected KdcReqBody makeReqBody(KerberosTime renewTill) throws > KrbException { > KdcReqBody body = new KdcReqBody(); > > long startTime = System.currentTimeMillis(); > @@ -190,13 +190,18 @@ public abstract class KdcRequest { > > body.setTill(new KerberosTime(startTime + getTicketValidTime())); > > - long renewLifetime; > - if (getRequestOptions().contains(KrbOption.RENEWABLE_TIME)) { > - renewLifetime = getRequestOptions(). > getIntegerOption(KrbOption.RENEWABLE_TIME); > + KerberosTime rtime; > + if (renewTill != null) { > + rtime = renewTill; > } else { > - renewLifetime = getContext().getKrbSetting().getKrbConfig(). > getRenewLifetime(); > + long renewLifetime; > + if (getRequestOptions().contains(KrbOption.RENEWABLE_TIME)) { > + renewLifetime = getRequestOptions(). > getIntegerOption(KrbOption.RENEWABLE_TIME); > + } else { > + renewLifetime = getContext().getKrbSetting(). > getKrbConfig().getRenewLifetime(); > + } > + rtime = new KerberosTime(startTime + renewLifetime * 1000); > } > - KerberosTime rtime = new KerberosTime(startTime + renewLifetime * > 1000); > body.setRtime(rtime); > > int nonce = generateNonce(); > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/ > apache/kerby/kerberos/kerb/client/request/TgsRequest.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/TgsRequest.java b/kerby-kerb/kerb-client/src/ > main/java/org/apache/kerby/kerberos/kerb/client/request/TgsRequest.java > index 8e2526e..8e650b8 100644 > --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/TgsRequest.java > +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/TgsRequest.java > @@ -67,7 +67,7 @@ public class TgsRequest extends KdcRequest { > > TgsReq tgsReq = new TgsReq(); > > - KdcReqBody tgsReqBody = getReqBody(); > + KdcReqBody tgsReqBody = getReqBody(null); > tgsReq.setReqBody(tgsReqBody); > tgsReq.setPaData(getPreauthContext().getOutputPaData()); > > @@ -79,7 +79,7 @@ public class TgsRequest extends KdcRequest { > setKdcRep(kdcRep); > > TgsRep tgsRep = (TgsRep) getKdcRep(); > - EncTgsRepPart encTgsRepPart = null; > + EncTgsRepPart encTgsRepPart; > try { > encTgsRepPart = EncryptionUtil.unseal(tgsRep. > getEncryptedEncPart(), > getSessionKey(), > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-client/src/main/java/org/ > apache/kerby/kerberos/kerb/client/request/TgsRequestWithTgt.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/TgsRequestWithTgt.java > b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/TgsRequestWithTgt.java > index ee3151c..5f2e58a 100644 > --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/TgsRequestWithTgt.java > +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/ > kerberos/kerb/client/request/TgsRequestWithTgt.java > @@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.client.request; > > import org.apache.kerby.kerberos.kerb.KrbException; > import org.apache.kerby.kerberos.kerb.client.KrbContext; > +import org.apache.kerby.kerberos.kerb.client.KrbKdcOption; > import org.apache.kerby.kerberos.kerb.common.CheckSumUtil; > import org.apache.kerby.kerberos.kerb.common.EncryptionUtil; > import org.apache.kerby.kerberos.kerb.type.KerberosTime; > @@ -92,8 +93,13 @@ public class TgsRequestWithTgt extends TgsRequest { > authenticator.setCtime(KerberosTime.now()); > authenticator.setCusec(0); > authenticator.setSubKey(tgt.getSessionKey()); > + KerberosTime renewTill = null; > + > + if (getRequestOptions().contains(KrbKdcOption.RENEW)) { > + renewTill = tgt.getEncKdcRepPart().getRenewTill(); > + } > + KdcReqBody reqBody = getReqBody(renewTill); > > - KdcReqBody reqBody = getReqBody(); > CheckSum checksum = CheckSumUtil.seal(reqBody, null, > tgt.getSessionKey(), KeyUsage.TGS_REQ_AUTH_CKSUM); > authenticator.setCksum(checksum); > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-core/src/main/java/org/apache/ > kerby/kerberos/kerb/type/ticket/SgtTicket.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/ > kerberos/kerb/type/ticket/SgtTicket.java b/kerby-kerb/kerb-core/src/ > main/java/org/apache/kerby/kerberos/kerb/type/ticket/SgtTicket.java > index 86cdf1e..05c0485 100644 > --- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/ > kerberos/kerb/type/ticket/SgtTicket.java > +++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/ > kerberos/kerb/type/ticket/SgtTicket.java > @@ -19,13 +19,24 @@ > */ > package org.apache.kerby.kerberos.kerb.type.ticket; > > +import org.apache.kerby.kerberos.kerb.type.base.PrincipalName; > import org.apache.kerby.kerberos.kerb.type.kdc.EncTgsRepPart; > > /** > * Service granting ticket. > */ > public class SgtTicket extends KrbTicket { > + private PrincipalName clientPrincipal; > + > public SgtTicket(Ticket ticket, EncTgsRepPart encKdcRepPart) { > super(ticket, encKdcRepPart); > } > + > + public PrincipalName getClientPrincipal() { > + return clientPrincipal; > + } > + > + public void setClientPrincipal(PrincipalName clientPrincipal) { > + this.clientPrincipal = clientPrincipal; > + } > } > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-kerb/kerb-util/src/main/java/org/apache/ > kerby/kerberos/kerb/ccache/CredentialCache.java > ---------------------------------------------------------------------- > diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/ > kerberos/kerb/ccache/CredentialCache.java b/kerby-kerb/kerb-util/src/ > main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java > index 0a56626..f742649 100644 > --- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/ > kerberos/kerb/ccache/CredentialCache.java > +++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/ > kerberos/kerb/ccache/CredentialCache.java > @@ -20,6 +20,7 @@ > package org.apache.kerby.kerberos.kerb.ccache; > > import org.apache.kerby.kerberos.kerb.type.base.PrincipalName; > +import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket; > import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket; > import org.apache.kerby.kerberos.kerb.type.ticket.Ticket; > > @@ -53,6 +54,12 @@ public class CredentialCache implements > KrbCredentialCache { > setPrimaryPrincipal(tgt.getClientPrincipal()); > } > > + public CredentialCache(SgtTicket sgt) { > + this(); > + addCredential(new Credential(sgt, sgt.getClientPrincipal())); > + setPrimaryPrincipal(sgt.getClientPrincipal()); > + } > + > public CredentialCache(Credential credential) { > this(); > addCredential(credential); > > http://git-wip-us.apache.org/repos/asf/directory-kerby/ > blob/05be3503/kerby-tool/client-tool/src/main/java/org/ > apache/kerby/kerberos/tool/kinit/KinitTool.java > ---------------------------------------------------------------------- > diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/ > kerberos/tool/kinit/KinitTool.java b/kerby-tool/client-tool/src/ > main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java > index 735739e..f2e585c 100644 > --- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/ > kerberos/tool/kinit/KinitTool.java > +++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/ > kerberos/tool/kinit/KinitTool.java > @@ -61,7 +61,7 @@ public class KinitTool { > + "\tOPTIONS:\n" > + "\t\t-V verbose\n" > + "\t\t-l lifetime\n" > - + "\t\t--s start time\n" > + + "\t\t-s start time\n" > + "\t\t-r renewable lifetime\n" > + "\t\t-f forwardable\n" > + "\t\t-F not forwardable\n" > @@ -112,8 +112,7 @@ public class KinitTool { > return password; > } > > - private static void requestTicket(String principal, > - KOptions ktOptions) throws > KrbException { > + private static void requestTicket(String principal, KOptions > ktOptions) { > ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal); > > File confDir = null; > @@ -121,6 +120,38 @@ public class KinitTool { > confDir = ktOptions.getDirOption(KinitOption.CONF_DIR); > } > > + KrbClient krbClient = null; > + try { > + krbClient = getClient(confDir); > + } catch (KrbException e) { > + System.err.println("Create krbClient failed: " + > e.getMessage()); > + System.exit(1); > + } > + > + if (ktOptions.contains(KinitOption.RENEW)) { > + if (ktOptions.contains(KinitOption.KRB5_CACHE)) { > + String ccName = ktOptions.getStringOption( > KinitOption.KRB5_CACHE); > + File ccFile = new File(ccName); > + > + SgtTicket sgtTicket = null; > + try { > + sgtTicket = krbClient.requestSgt(ccFile); > + } catch (KrbException e) { > + System.err.println("kinit: " + e.getKrbErrorCode(). > getMessage()); > + } > + > + try { > + krbClient.storeTicket(sgtTicket, ccFile); > + } catch (KrbException e) { > + System.err.println("kinit: " + e.getKrbErrorCode(). > getMessage()); > + } > + > + System.out.println("Successfully renewed."); > + } > + return; > + } > + > + > if (ktOptions.contains(KinitOption.ANONYMOUS)) { > ktOptions.add(PkinitOption.USE_ANONYMOUS); > ktOptions.add(PkinitOption.X509_ANCHORS); > @@ -131,14 +162,6 @@ public class KinitTool { > ktOptions.add(KinitOption.USER_PASSWD, password); > } > > - KrbClient krbClient = null; > - try { > - krbClient = getClient(confDir); > - } catch (KrbException e) { > - System.err.println("Create krbClient failed: " + > e.getMessage()); > - System.exit(1); > - } > - > TgtTicket tgt = null; > try { > tgt = krbClient.requestTgt(convertOptions(ktOptions)); > @@ -168,8 +191,13 @@ public class KinitTool { > + ccacheFile.getAbsolutePath()); > if (ktOptions.contains(KinitOption.SERVICE)) { > String servicePrincipal = ktOptions.getStringOption( > KinitOption.SERVICE); > - SgtTicket sgtTicket = > - krbClient.requestSgt(tgt, servicePrincipal); > + SgtTicket sgtTicket; > + try { > + sgtTicket = krbClient.requestSgt(tgt, servicePrincipal); > + } catch (KrbException e) { > + System.err.println("kinit: " + e.getKrbErrorCode(). > getMessage()); > + return; > + } > System.out.println("Successfully requested the service > ticket for " + servicePrincipal > + "\nKey version: " + sgtTicket.getTicket().getTktvno()); > } > @@ -191,7 +219,7 @@ public class KinitTool { > return krbClient; > } > > - public static void main(String[] args) throws Exception { > + public static void main(String[] args) { > KOptions ktOptions = new KOptions(); > KinitOption kto; > String principal = null; > @@ -242,7 +270,7 @@ public class KinitTool { > if (principal == null) { > if (ktOptions.contains(KinitOption.ANONYMOUS)) { > principal = KrbConstant.ANONYMOUS_PRINCIPAL; > - } else { > + } else if (!ktOptions.contains(KinitOption.KRB5_CACHE)) { > printUsage("No principal is specified"); > } > } > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
