Bug 1791545
| Summary: | Manpage and help does not explain the use of "-C" option | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Kaushik Banerjee <kbanerje> |
| Component: | adcli | Assignee: | Sumit Bose <sbose> |
| Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.2 | CC: | atikhono, pcech, sbose, sgadekar |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | sync-to-jira | ||
| Fixed In Version: | adcli-0.8.2-7.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-04 02:07:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Upstream: - 93a39bd12db11dd407676f428cfbc30406a88c36 Tested against
adcli-0.8.2-7.el8.x86_64
]$ man agcli
-C
Use the default Kerberos credential cache to authenticate with the domain.
--login-ccache[=ccache_name]
Use the specified Kerberos credential cache to authenticate with the domain. If no credential cache is specified, the default Kerberos credential cache will be used. Credential caches of type
FILE can be given with the path to the file. For other credential cache types, e.g. DIR, KEYRING or KCM, the type must be specified explicitly together with a suitable identifier.
Please note that since the ccache_name is optional the =(equal) sign is mandatory. If = is missing the parameter is treated as optionless extra argument. How this is handled depends on the
specific sub-command.
Looks good. An example of --login-ccache usecase would have been more helpful, however current information is clear enough.
Marking verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (adcli bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4578 |
Description of problem: Manpage and help does not explain the use of "-C" option Version-Release number of selected component (if applicable): adcli-0.8.2-4.el8.x86_64 How reproducible: Always Steps to Reproduce: 1. Check the existing help text -C, --login-ccache=<...> kerberos credential cache file which contains ticket to used to connect to the domain 2. Check the existing manpage text -C, --login-ccache=ccache_name Use the specified kerberos credential cache to authenticate with the domain. If no credential cache is specified, the default kerberos credential cache will be used. Credential caches of type FILE can be given with the path to the file. For other credential cache types, e.g. DIR, KEYRING or KCM, the type must be specified explicitly together with a suitable identifier. 3. On testing the "-C" option, I found that it uses the computer account. e.g. # adcli show-computer -C 'CI-VM-10-0-155-' -D 'td5e5666.com' <Gives appropriate output> # adcli show-computer -C 'NON-CI-VM-10-0-155-' -D 'td5e5666.com' adcli: couldn't read data for NON-CI-VM-10-0-155-: No computer account for NON-CI-VM-10-0-155-$ exists # adcli show-computer --login-ccache='CI-VM-10-0-155-' -D 'td5e5666.com' adcli: couldn't connect to td5e5666.com domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found) # adcli show-computer --login-ccache='/tmp/krb5cc_0' -D 'td5e5666.com' <Gives correct output> Actual results: -C needs input of computer account which is not mentioned in help or manpage Expected results: Functionality of -C should be mentioned correctly in manpage or help Additional info: