Bug 96544 - Short option -C incorrectly interpreted
Summary: Short option -C incorrectly interpreted
Alias: None
Product: realmd
Classification: Unclassified
Component: adcli (show other bugs)
Version: unspecified
Hardware: All All
: medium normal
Assignee: Stef Walter
QA Contact:
Depends on:
Reported: 2016-06-16 04:37 UTC by Mikhail T.
Modified: 2016-06-16 15:11 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Description Mikhail T. 2016-06-16 04:37:31 UTC
When trying to use the -C option instead of the --login-ccache equivalent, the option's argument is misinterpreted as the domain:

% adcli --verbose join -C /tmp/krb5cc_5785_iZoBCQ
 * Using domain name: /tmp/krb5cc_5785_iZoBCQ
 * Calculated computer account name from fqdn: SOM-SENSU01
 * Calculated domain realm from name: /TMP/KRB5CC_5785_IZOBCQ
 * Discovering domain controllers: _ldap._tcp./tmp/krb5cc_5785_iZoBCQ
 ! No LDAP SRV records for domain: _ldap._tcp./tmp/krb5cc_5785_iZoBCQ: Name or service not known
 ! Couldn't find usable domain controller to connect to
adcli: couldn't connect to /tmp/krb5cc_5785_iZoBCQ domain: Couldn't find usable domain controller to connect to

% adcli --verbose join --login-ccache=/tmp/krb5cc_5785_iZoBCQ
works fine.

(BTW, why would not the tool automatically use the $KRB5CCNAME found in the environment instead of always trying to authenticate as Administrator?)
Comment 1 Stef Walter 2016-06-16 13:29:58 UTC
The short option doesn't have an argument. I can document this better in the manual page.
Comment 2 Stef Walter 2016-06-16 13:30:27 UTC
When no argument is specified to --login-ccache or the -C is used (which doesn't have an argument) then the default kerberos credential cache is used.
Comment 3 Stef Walter 2016-06-16 13:31:39 UTC
Pushed this to git master:

commit 40acf5f12379c8e7c86f2fec34e1e276ede5ef47
Author: Stef Walter <stefw@redhat.com>
Date:   Thu Jun 16 15:27:45 2016 +0200

    doc: Update the documentation about the default kerberos cache
Comment 4 Mikhail T. 2016-06-16 15:11:01 UTC
(In reply to Stef Walter from comment #1)
> The short option doesn't have an argument. I can document this better in the
> manual page.

That's somewhat inconsistent with regular usage, in my opinion. The long and short options have, historically, been equivalent -- one could even foregoe the getopt_long() and use only the getopt(3) and obtain the same functionality.

But adcli, certainly, is not the only modern utility, which insists long-options be used for some of the features...

Thanks for the prompt reaction.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.