|
 |
f7a442 |
From 6858ecbb9c407ff6d2b22cac283ea2461af1757b Mon Sep 17 00:00:00 2001
|
|
|
4d190f |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
4d190f |
Date: Thu, 20 Aug 2020 17:49:29 -0400
|
|
|
4d190f |
Subject: [PATCH] Unify kvno option documentation
|
|
|
4d190f |
|
|
|
4d190f |
Add missing kvno options to the kvno.rst synopsis and option
|
|
|
4d190f |
descriptions, and to the kvno usage message. Remove mention of '-h'
|
|
|
4d190f |
(help text), from kvno.rst as it is an implicit option. Note that the
|
|
|
4d190f |
three new caching options were added in release 1.19.
|
|
|
4d190f |
|
|
|
4d190f |
Indicate the two exclusions (-u/-S and --u2u with the S4U2Self options)
|
|
|
4d190f |
and dependency (-P on S4U2Self) where they are missing.
|
|
|
4d190f |
|
|
|
4d190f |
Switch xusage() to print only a single localized string, rather than
|
|
|
4d190f |
running each line of output through localization separately.
|
|
|
4d190f |
|
|
|
4d190f |
Leave kvno -C undocumented for now, as the semantics of
|
|
|
4d190f |
KRB5_GC_CANONICALIZE are minimally useful and likely to change.
|
|
|
4d190f |
|
|
|
4d190f |
[ghudson@mit.edu: edited documentation and commit message]
|
|
|
4d190f |
|
|
|
4d190f |
ticket: 7476
|
|
|
4d190f |
tags: pullup
|
|
|
4d190f |
target_version: 1.18-next
|
|
|
4d190f |
|
|
|
4d190f |
(cherry picked from commit becd1ad6830b526d08ddaf5b2b6f213154c6446c)
|
|
|
4d190f |
(cherry picked from commit 52e3695cc5ef00766e12adfe8ed276c2885e71bb)
|
|
|
4d190f |
---
|
|
|
f7a442 |
doc/user/user_commands/kvno.rst | 24 +++++++++++++-----------
|
|
|
f7a442 |
src/clients/kvno/kvno.c | 15 +++++++++------
|
|
|
f7a442 |
src/man/kvno.man | 24 +++++++++++++-----------
|
|
|
f7a442 |
3 files changed, 35 insertions(+), 28 deletions(-)
|
|
|
4d190f |
|
|
|
4d190f |
diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst
|
|
|
f7a442 |
index 718313576..65c44e1c0 100644
|
|
|
4d190f |
--- a/doc/user/user_commands/kvno.rst
|
|
|
4d190f |
+++ b/doc/user/user_commands/kvno.rst
|
|
|
4d190f |
@@ -10,13 +10,9 @@ SYNOPSIS
|
|
|
4d190f |
[**-c** *ccache*]
|
|
|
4d190f |
[**-e** *etype*]
|
|
|
4d190f |
[**-q**]
|
|
|
4d190f |
-[**-h**]
|
|
|
4d190f |
+[**-u** | **-S** *sname*]
|
|
|
4d190f |
[**-P**]
|
|
|
4d190f |
-[**-S** *sname*]
|
|
|
4d190f |
-[**-I** *for_user*]
|
|
|
4d190f |
-[**-U** *for_user*]
|
|
|
4d190f |
-[**-F** *cert_file*]
|
|
|
4d190f |
-[**--u2u** *ccache*]
|
|
|
4d190f |
+[[{**-F** *cert_file* | {**-I** | **-U**} *for_user*} [**-P**]] | **--u2u** *ccache*]
|
|
|
4d190f |
*service1 service2* ...
|
|
|
4d190f |
|
|
|
4d190f |
|
|
|
4d190f |
@@ -39,13 +35,18 @@ OPTIONS
|
|
|
4d190f |
of all the services named on the command line. This is useful in
|
|
|
4d190f |
certain backward compatibility situations.
|
|
|
4d190f |
|
|
|
4d190f |
+**-k** *keytab*
|
|
|
4d190f |
+ Decrypt the acquired tickets using *keytab* to confirm their
|
|
|
4d190f |
+ validity.
|
|
|
4d190f |
+
|
|
|
4d190f |
**-q**
|
|
|
4d190f |
Suppress printing output when successful. If a service ticket
|
|
|
4d190f |
cannot be obtained, an error message will still be printed and
|
|
|
4d190f |
kvno will exit with nonzero status.
|
|
|
4d190f |
|
|
|
4d190f |
-**-h**
|
|
|
4d190f |
- Prints a usage statement and exits.
|
|
|
4d190f |
+**-u**
|
|
|
4d190f |
+ Use the unknown name type in requested service principal names.
|
|
|
4d190f |
+ This option Cannot be used with *-S*.
|
|
|
4d190f |
|
|
|
4d190f |
**-P**
|
|
|
4d190f |
Specifies that the *service1 service2* ... arguments are to be
|
|
|
f7a442 |
@@ -76,16 +77,17 @@ OPTIONS
|
|
|
f7a442 |
|
|
|
f7a442 |
**--cached-only**
|
|
|
f7a442 |
Only retrieve credentials already present in the cache, not from
|
|
|
f7a442 |
- the KDC.
|
|
|
f7a442 |
+ the KDC. (Added in release 1.19.)
|
|
|
f7a442 |
|
|
|
f7a442 |
**--no-store**
|
|
|
f7a442 |
Do not store retrieved credentials in the cache. If
|
|
|
f7a442 |
**--out-cache** is also specified, credentials will still be
|
|
|
f7a442 |
- stored into the output credential cache.
|
|
|
f7a442 |
+ stored into the output credential cache. (Added in release 1.19.)
|
|
|
f7a442 |
|
|
|
f7a442 |
**--out-cache** *ccache*
|
|
|
f7a442 |
Initialize *ccache* and store all retrieved credentials into it.
|
|
|
f7a442 |
- Do not store acquired credentials in the input cache.
|
|
|
f7a442 |
+ Do not store acquired credentials in the input cache. (Added in
|
|
|
f7a442 |
+ release 1.19.)
|
|
|
f7a442 |
|
|
|
f7a442 |
**--u2u** *ccache*
|
|
|
f7a442 |
Requests a user-to-user ticket. *ccache* must contain a local
|
|
|
4d190f |
diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c
|
|
|
f7a442 |
index 9d85864f6..c5f6bf700 100644
|
|
|
4d190f |
--- a/src/clients/kvno/kvno.c
|
|
|
4d190f |
+++ b/src/clients/kvno/kvno.c
|
|
|
f7a442 |
@@ -38,15 +38,18 @@
|
|
|
4d190f |
static char *prog;
|
|
|
4d190f |
static int quiet = 0;
|
|
|
4d190f |
|
|
|
4d190f |
+#define XUSAGE_BREAK "\n\t"
|
|
|
4d190f |
+
|
|
|
4d190f |
static void
|
|
|
4d190f |
xusage()
|
|
|
4d190f |
{
|
|
|
4d190f |
- fprintf(stderr, _("usage: %s [-C] [-u] [-c ccache] [-e etype]\n"), prog);
|
|
|
4d190f |
- fprintf(stderr, _("\t[-k keytab] [-S sname] [{-I | -U} for_user | "
|
|
|
4d190f |
- "[-F cert_file] [-P]]\n"));
|
|
|
f7a442 |
- fprintf(stderr, _("\t[--cached-only] [--no-store] [--out-cache ccache] "
|
|
|
f7a442 |
- "[--u2u ccache]\n"));
|
|
|
f7a442 |
- fprintf(stderr, _("\tservice1 service2 ...\n"));
|
|
|
4d190f |
+ fprintf(stderr, _("usage: %s [-c ccache] [-e etype] [-k keytab] [-q] "
|
|
|
4d190f |
+ "[-u | -S sname]" XUSAGE_BREAK
|
|
|
4d190f |
+ "[[{-F cert_file | {-I | -U} for_user} [-P]] | "
|
|
|
4d190f |
+ "--u2u ccache]" XUSAGE_BREAK
|
|
|
f7a442 |
+ "[--cached-only] [--no-store] [--out-cache] "
|
|
|
4d190f |
+ "service1 service2 ...\n"),
|
|
|
4d190f |
+ prog);
|
|
|
4d190f |
exit(1);
|
|
|
4d190f |
}
|
|
|
4d190f |
|
|
|
4d190f |
diff --git a/src/man/kvno.man b/src/man/kvno.man
|
|
|
f7a442 |
index b9f6739eb..22318324d 100644
|
|
|
4d190f |
--- a/src/man/kvno.man
|
|
|
4d190f |
+++ b/src/man/kvno.man
|
|
|
4d190f |
@@ -36,13 +36,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
4d190f |
[\fB\-c\fP \fIccache\fP]
|
|
|
4d190f |
[\fB\-e\fP \fIetype\fP]
|
|
|
4d190f |
[\fB\-q\fP]
|
|
|
4d190f |
-[\fB\-h\fP]
|
|
|
4d190f |
+[\fB\-u\fP | \fB\-S\fP \fIsname\fP]
|
|
|
4d190f |
[\fB\-P\fP]
|
|
|
4d190f |
-[\fB\-S\fP \fIsname\fP]
|
|
|
4d190f |
-[\fB\-I\fP \fIfor_user\fP]
|
|
|
4d190f |
-[\fB\-U\fP \fIfor_user\fP]
|
|
|
4d190f |
-[\fB\-F\fP \fIcert_file\fP]
|
|
|
4d190f |
-[\fB\-\-u2u\fP \fIccache\fP]
|
|
|
4d190f |
+[[{\fB\-F\fP \fIcert_file\fP | {\fB\-I\fP | \fB\-U\fP} \fIfor_user\fP} [\fB\-P\fP]] | \fB\-\-u2u\fP \fIccache\fP]
|
|
|
4d190f |
\fIservice1 service2\fP ...
|
|
|
4d190f |
.SH DESCRIPTION
|
|
|
4d190f |
.sp
|
|
|
4d190f |
@@ -60,13 +56,18 @@ Specifies the enctype which will be requested for the session key
|
|
|
4d190f |
of all the services named on the command line. This is useful in
|
|
|
4d190f |
certain backward compatibility situations.
|
|
|
4d190f |
.TP
|
|
|
4d190f |
+\fB\-k\fP \fIkeytab\fP
|
|
|
4d190f |
+Decrypt the acquired tickets using \fIkeytab\fP to confirm their
|
|
|
4d190f |
+validity.
|
|
|
4d190f |
+.TP
|
|
|
4d190f |
\fB\-q\fP
|
|
|
4d190f |
Suppress printing output when successful. If a service ticket
|
|
|
4d190f |
cannot be obtained, an error message will still be printed and
|
|
|
4d190f |
kvno will exit with nonzero status.
|
|
|
4d190f |
.TP
|
|
|
4d190f |
-\fB\-h\fP
|
|
|
4d190f |
-Prints a usage statement and exits.
|
|
|
4d190f |
+\fB\-u\fP
|
|
|
4d190f |
+Use the unknown name type in requested service principal names.
|
|
|
4d190f |
+This option Cannot be used with \fI\-S\fP\&.
|
|
|
4d190f |
.TP
|
|
|
4d190f |
\fB\-P\fP
|
|
|
4d190f |
Specifies that the \fIservice1 service2\fP ... arguments are to be
|
|
|
f7a442 |
@@ -97,16 +98,17 @@ certificate file must be in PEM format.
|
|
|
f7a442 |
.TP
|
|
|
f7a442 |
\fB\-\-cached\-only\fP
|
|
|
f7a442 |
Only retrieve credentials already present in the cache, not from
|
|
|
f7a442 |
-the KDC.
|
|
|
f7a442 |
+the KDC. (Added in release 1.19.)
|
|
|
f7a442 |
.TP
|
|
|
f7a442 |
\fB\-\-no\-store\fP
|
|
|
f7a442 |
Do not store retrieved credentials in the cache. If
|
|
|
f7a442 |
\fB\-\-out\-cache\fP is also specified, credentials will still be
|
|
|
f7a442 |
-stored into the output credential cache.
|
|
|
f7a442 |
+stored into the output credential cache. (Added in release 1.19.)
|
|
|
f7a442 |
.TP
|
|
|
f7a442 |
\fB\-\-out\-cache\fP \fIccache\fP
|
|
|
f7a442 |
Initialize \fIccache\fP and store all retrieved credentials into it.
|
|
|
f7a442 |
-Do not store acquired credentials in the input cache.
|
|
|
f7a442 |
+Do not store acquired credentials in the input cache. (Added in
|
|
|
f7a442 |
+release 1.19.)
|
|
|
f7a442 |
.TP
|
|
|
f7a442 |
\fB\-\-u2u\fP \fIccache\fP
|
|
|
f7a442 |
Requests a user\-to\-user ticket. \fIccache\fP must contain a local
|