On Jul 8, 2008, at 10:53, Klaus Jensen wrote: > I'm working on using a script to change the password for a given > principal. > The resulting command line is something like this: > > kadmin -k -t keytapfile -p host/host.foobar -q "cpw -pw > <somepassword> [EMAIL PROTECTED]" > > When <somepassword> contains a quote character (i.e. password is: > foobar"omg) > I get the following error: > > kadmin: Unbalanced quotes in command line > > Note that the quote is escaped: > kadmin -k -t keytapfile -p host/host.foobar -q "cpw -pw foobar\"omg > [EMAIL PROTECTED]" > > > > I tried using kadmin without '-q' and got the same error message > when using > the command directly: > > # kadmin -k -t keytapfile -p host/host.foobar > kadmin: cpw -pw foobar"omg [EMAIL PROTECTED] > kadmin: Unbalanced quotes in command line > > Samething when escaped: > > kadmin: cpw -pw foobar\"omg [EMAIL PROTECTED] > kadmin: Unbalanced quotes in command line
Yeah, the quote handling in that code is kind of strange. As best I recall, the code was vaguely modeled on a CLI that treated "" within a quoted string as inserting just " into that string, and unfortunately not on UNIX sh or csh behavior. So: % ../../Inst/sbin/kadmin.local -q 'ank "foo""bar"' Authenticating as principal raeburn/[EMAIL PROTECTED] with password. WARNING: no policy specified for foo"[EMAIL PROTECTED]; defaulting to no policy Enter password for principal "foo"[EMAIL PROTECTED]": Or this one, which looks even stranger: % kadmin.local -q 'ank foo""""bar' Authenticating as principal raeburn/[EMAIL PROTECTED] with password. WARNING: no policy specified for foo"[EMAIL PROTECTED]; defaulting to no policy Enter password for principal "foo"[EMAIL PROTECTED]": (That's read as "foo" and then a quoted string containing one quote and then "bar", all pasted together as one argument.) Getting that through the shell's parser if you use double-quoted strings on the shell command line will be even uglier. I wouldn't write any scripts or anything that rely on this behavior; I keep hoping we'll just replace that library with an externally maintained, and perhaps more UNIX-like, command-line parser. I'm sure there are a few out there. (One that provides some kind of scripting capability would be a win, I would guess.) If we do, I expect we'd keep the basic tool behavior the same, but weird quoting stuff like this may change. Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos