[\fB\-A\fP]
[\fB\-v\fP] [\fB\-R\fP]
[\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]] [\fB\-c\fP \fIcache_name\fP]
-[\fB\-S\fP \fIservice_name\fP]
+[\fB\-S\fP \fIservice_name\fP][\fB\-T\fP \fIarmor_ccache\fP]
[\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]]
[\fIprincipal\fP]
.ad b
.I keytab_file
option; otherwise the default name and location will be used.
.TP
+\fB\-T\fP \fIarmor_ccache\fP
+Specifies the name of a credential cache that already contains a ticket. This ccache
+will be used to armor the request Ideally, an attacker should have to attack both the armor ticket and the key of the principal.
+.TP
\fB\-c\fP \fIcache_name\fP
use
.I cache_name
char* service_name;
char* keytab_name;
char* k5_cache_name;
+ char *armor_ccache;
action_type action;
USAGE_BREAK
"[-v] [-R] "
"[-k [-t keytab_file]] "
- "[-c cachename] "
+ "[-c cachename] "
+ USAGE_BREAK
+ "[-S service_name]""-T ticket_armor_cache"
USAGE_BREAK
- "[-S service_name]"
"[-X <attribute>[=<value>]] [principal]"
"\n\n",
progname);
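Review bot: The new usage fragment `"[-S service_name]""-T ticket_armor_cache"` concatenates to `[-S service_name]-T ticket_armor_cache`, with no space between the two options and no brackets around `-T`. That presents the armor cache as mandatory, although the option parsing and the man page synopsis both treat it as optional. Writing it as `"[-S service_name] [-T ticket_armor_cache] "` fixes both problems. The placeholder also differs from the man page's `armor_ccache`; using one name in both places makes the option easier to look up. The usage call begins outside this hunk.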
int errflg = 0;
int i;
- while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:vX:CE"))
+ while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:T:RS:vX:CE"))
!= -1) {
switch (i) {
case 'V':
opts->keytab_name = optarg;
}
break;
+ case 'T':
+ if (opts->armor_ccache) {
+ fprintf(stderr, "Only one armor_ccache\n");
+ errflg++;
+ } else opts->armor_ccache = optarg;
+ break;
case 'R':
opts->action = RENEW;
break;
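Review bot: In the new `case 'T':` the `else` branch is unbraced and shares a line with the closing brace of the braced `if`; `} else { opts->armor_ccache = optarg; }` would stop a statement added later from running unconditionally. The name stored here only provides protection if its consumer succeeds, and in the last visible hunk the result of `krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache)` is discarded, so a failure there would presumably send the request without the armor the user asked for. That call should have its return code checked and should abort on non-zero through the function's existing error path, which is not visible on this page. The switch starts and ends outside this hunk.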
}
if (opts->no_addresses)
krb5_get_init_creds_opt_set_address_list(options, NULL);
+ if (opts->armor_ccache)
+ krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache);
+
if ((opts->action == INIT_KT) && opts->keytab_name)
{