When trying to use the -C option instead of the --login-ccache equivalent, the option's argument is misinterpreted as the domain:
% adcli --verbose join -C /tmp/krb5cc_5785_iZoBCQ
* Using domain name: /tmp/krb5cc_5785_iZoBCQ
* Calculated computer account name from fqdn: SOM-SENSU01
* Calculated domain realm from name: /TMP/KRB5CC_5785_IZOBCQ
* Discovering domain controllers: _ldap._tcp./tmp/krb5cc_5785_iZoBCQ
! No LDAP SRV records for domain: _ldap._tcp./tmp/krb5cc_5785_iZoBCQ: Name or service not known
! Couldn't find usable domain controller to connect to
adcli: couldn't connect to /tmp/krb5cc_5785_iZoBCQ domain: Couldn't find usable domain controller to connect to
% adcli --verbose join --login-ccache=/tmp/krb5cc_5785_iZoBCQ
(BTW, why would not the tool automatically use the $KRB5CCNAME found in the environment instead of always trying to authenticate as Administrator?)
The short option doesn't have an argument. I can document this better in the manual page.
When no argument is specified to --login-ccache or the -C is used (which doesn't have an argument) then the default kerberos credential cache is used.
Pushed this to git master:
Author: Stef Walter <firstname.lastname@example.org>
Date: Thu Jun 16 15:27:45 2016 +0200
doc: Update the documentation about the default kerberos cache
(In reply to Stef Walter from comment #1)
> The short option doesn't have an argument. I can document this better in the
> manual page.
That's somewhat inconsistent with regular usage, in my opinion. The long and short options have, historically, been equivalent -- one could even foregoe the getopt_long() and use only the getopt(3) and obtain the same functionality.
But adcli, certainly, is not the only modern utility, which insists long-options be used for some of the features...
Thanks for the prompt reaction.