in kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java [130:247]
private static void requestTicket(String principal, KOptions ktOptions) {
ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal);
File confDir = null;
if (ktOptions.contains(KinitOption.CONF_DIR)) {
confDir = ktOptions.getDirOption(KinitOption.CONF_DIR);
}
KrbClient krbClient = null;
try {
krbClient = getClient(confDir);
} catch (KrbException e) {
System.err.println("Create krbClient failed: " + e.getMessage());
System.exit(1);
}
if (ktOptions.contains(KinitOption.RENEW)) {
if (ktOptions.contains(KinitOption.KRB5_CACHE)) {
String ccName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
File ccFile = new File(ccName);
SgtTicket sgtTicket = null;
try {
sgtTicket = krbClient.requestSgt(ccFile, null);
} catch (KrbException e) {
System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
}
try {
krbClient.renewTicket(sgtTicket, ccFile);
} catch (KrbException e) {
System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
}
System.out.println("Successfully renewed.");
}
return;
}
if (ktOptions.contains(KinitOption.SERVICE) && ktOptions.contains(KinitOption.KRB5_CACHE)) {
String ccName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
File ccFile = new File(ccName);
if (ccFile.exists()) {
System.out.println("Use credential cache to request a service ticket.");
String servicePrincipal = ktOptions.getStringOption(KinitOption.SERVICE);
SgtTicket sgtTicket = null;
try {
sgtTicket = krbClient.requestSgt(ccFile, servicePrincipal);
} catch (KrbException e) {
System.err.println("Kinit: get service ticket failed: " + e.getMessage());
System.exit(1);
}
try {
krbClient.storeTicket(sgtTicket, ccFile);
} catch (KrbException e) {
System.err.println("Kinit: store ticket failed: " + e.getMessage());
System.exit(1);
}
System.out.println(sgtTicket.getEncKdcRepPart().getSname().getName() + ": knvo = "
+ sgtTicket.getTicket().getEncryptedEncPart().getKvno());
return;
}
}
if (ktOptions.contains(KinitOption.ANONYMOUS)) {
ktOptions.add(PkinitOption.USE_ANONYMOUS);
ktOptions.add(PkinitOption.X509_ANCHORS);
} else if (!ktOptions.contains(KinitOption.USE_KEYTAB)) {
//If not request tickets by keytab than by password.
ktOptions.add(KinitOption.USE_PASSWD);
String password = getPassword(principal);
ktOptions.add(KinitOption.USER_PASSWD, password);
}
TgtTicket tgt = null;
try {
tgt = krbClient.requestTgt(convertOptions(ktOptions));
} catch (KrbException e) {
System.err.println("Authentication failed: " + e.getMessage());
System.exit(1);
}
File ccacheFile;
if (ktOptions.contains(KinitOption.KRB5_CACHE)) {
String ccacheName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
ccacheFile = new File(ccacheName);
} else {
String ccacheName = getCcacheName(krbClient);
ccacheFile = new File(ccacheName);
}
try {
krbClient.storeTicket(tgt, ccacheFile);
} catch (KrbException e) {
System.err.println("Store ticket failed: " + e.getMessage());
System.exit(1);
}
System.out.println("Successfully requested and stored ticket in "
+ ccacheFile.getAbsolutePath());
if (ktOptions.contains(KinitOption.SERVICE)) {
System.out.println("Use tgt to request a service ticket.");
String servicePrincipal = ktOptions.getStringOption(KinitOption.SERVICE);
SgtTicket sgtTicket;
try {
sgtTicket = krbClient.requestSgt(tgt, servicePrincipal);
} catch (KrbException e) {
System.err.println("kinit: " + e.getKrbErrorCode().getMessage());
return;
}
System.out.println(sgtTicket.getEncKdcRepPart().getSname().getName() + ": knvo = "
+ sgtTicket.getTicket().getEncryptedEncPart().getKvno());
}
}