Authen::Krb5::init_context()orerrorout(Authen::Krb5::error()." while initializing context.",1);
Authen::Krb5::init_ets()orerrorout(Authen::Krb5::error()." while initializing error tables.",1);
...
...
@@ -101,13 +103,18 @@ if (!$proxy) {
msg("Acquiring credentials for user ($user) for service ($service) using credentials of principal ($service) [S4U2Self]")if($verbose);
$krb5creds_out=Authen::Krb5::get_credentials_for_user($krb5princ_for_user,$krb5princ,$krb5ccache)orerrorout(Authen::Krb5::error()." while getting credentials for user ($user).",1);
my$creds=Authen::Krb5::get_credentials_for_user($krb5princ_for_user,$krb5princ,$krb5ccache)orerrorout(Authen::Krb5::error()." while getting credentials for user ($user).",1);
push@krb5creds_out,$creds
}else{
msg("Acquiring credentials for user ($user) for service ($proxy) using credentials of principal ($service) [S4U2Proxy]")if($verbose);
foreachmy$p(split(',',$proxy)){
msg("Acquiring credentials for user ($user) for service ($p) using credentials of principal ($service) [S4U2Proxy]")if($verbose);
$krb5princ_for_proxy=Authen::Krb5::parse_name($proxy)orerrorout(Authen::Krb5::error()." while parsing for user principal ($proxy).",1);
$krb5creds_out=Authen::Krb5::get_credentials_for_proxy($krb5princ_for_user,$krb5princ,$krb5princ_for_proxy,$krb5ccache,$krb5keytab)orerrorout(Authen::Krb5::error()." while getting user ($user) credentials for proxy ($proxy).",1);
$krb5princ_for_proxy=Authen::Krb5::parse_name($p)orerrorout(Authen::Krb5::error()." while parsing for user principal ($p).",1);
my$creds=Authen::Krb5::get_credentials_for_proxy($krb5princ_for_user,$krb5princ,$krb5princ_for_proxy,$krb5ccache,$krb5keytab)orerrorout(Authen::Krb5::error()." while getting user ($user) credentials for proxy ($p).",1);
push@krb5creds_out,$creds
}
}
if($ccache){
...
...
@@ -120,7 +127,9 @@ $krb5ccache_out = Authen::Krb5::cc_resolve($outccache) or errorout(Authen::Krb5:
$krb5ccache_out->initialize($krb5princ_for_user)orerrorout(Authen::Krb5::error()." while initalizing ccache. ($outccache).",1);
$krb5ccache_out->store_cred($krb5creds_out)orerrorout(Authen::Krb5::error()." while storing user ($user) credentials in ccache ($outccache).",1);
formy$creds(@krb5creds_out){
$krb5ccache_out->store_cred($creds)orerrorout(Authen::Krb5::error()." while storing user ($user) credentials in ccache ($outccache).",1);
}
if($ccache){
msg("Kerberos ccache for user ($user) for service ($service) [S4U2Self]: ")if(!$proxy&&$verbose);
...
...
@@ -195,10 +204,12 @@ Obtain credentials on behalf of USER Kerberos principal (can be specified as USE
Use this SERVICE1 principal to obtain credentials for user (can be specified as SERVICE1/HOST.DOMAIN[@REALM])
=item B<--proxy SERVICE2>
=item B<--proxy SERVICE2,...>
SERVICE1 principal is used to obtain credentials for SERVICE2 for user USER (can be specified as SERVICE2/HOST.DOMAIN[@REALM])
Multiple proxy services may be seperated by commas.
=item B<--keytab KEYTAB>
Kerberos keytab file containing key(s) for SERVICE1.