none
Piping password to kinit on a windows server RRS feed

  • Question

  • We are setting up a system where we need to re-verify a user's identify before he/she is allowed to perform a specific task. The user enters his/her password into the website, and then PHP runs kinit to verify that the password is correct. We use Kerberos for authentication. This is what we successfully tried on a Linux server:

    echo "base64_encoded_password" | base64 --decode | kinit username@REALM.COM
    

    The problem is that the system is running on a Windows server. We have installed kinit, but cannot seem to get the same thing to work. Running that same command, with or without the quotes, just gives us this output:

    kinit: Generic preauthentication failure while getting initial credentials
    

    Any suggestions on what could be done here?

    Edit: Running simply "kinit" and then entering the password at the prompt, works well.'

    Monday, March 4, 2019 3:35 PM

Answers

  • Whether this will work or not depends on how cmd.exe sends the string to standard output. If the string contains any special shell characters, you'll need to escape them (or quote the whole string, and then unquote on the other side of the pipe). I don't remember whether the string it sends to standard output includes a newline (CR+LF) character combination.

    Other than that, I don't have any other suggestions. You may want to look into using a more capable shell (such as PowerShell).


    -- Bill Stewart [Bill_Stewart]

    Friday, March 8, 2019 5:03 AM
    Moderator

All replies

  • What shell?

    -- Bill Stewart [Bill_Stewart]

    Monday, March 4, 2019 4:30 PM
    Moderator
  • Normal cmd. We have also tried without the base64 without success.
    Monday, March 4, 2019 7:47 PM
  • Normal cmd. We have also tried without the base64 without success.

    What is a normal command?  It is not a Windows command.  I suggest posting to the vendor or site that provided the command.  Utilities are not supported in scripting forums.  We support questions about the script language usage.  Details about how to use external systems need to be resolved be the provider or forum for the external system.


    \_(ツ)_/

    Monday, March 4, 2019 7:51 PM
  • Sorry. It seems "Windows Command Prompt" is the full name.


    • Edited by Rasmus_378 Monday, March 4, 2019 7:55 PM
    Monday, March 4, 2019 7:53 PM
  • Also be aware that kinit on Windows is reported to have many issues and needs to be used in specific ways.  The exact requirements can vary between suppliers of kinit.

    Also kinit cannot read from the pipeline in Windows but must use an init file.


    \_(ツ)_/


    • Edited by jrv Monday, March 4, 2019 7:55 PM
    Monday, March 4, 2019 7:54 PM
  • Sorry. It seems "Windows Command Prompt" is the full name.


    The Windows command prompt is not a script.  It is a shell.  It is not a Unix complaint shell and does not work the same.  Please contact the vendor of your version on kinit.


    \_(ツ)_/

    Monday, March 4, 2019 7:57 PM
  • When you echo in cmd.exe, don't use the quotes. (The 'echo' command outputs the full string, including the quote marks.)

    -- Bill Stewart [Bill_Stewart]

    Monday, March 4, 2019 8:30 PM
    Moderator
  • We tried without the quotes as well. No luck :(
    Wednesday, March 6, 2019 9:09 AM
  • Whether this will work or not depends on how cmd.exe sends the string to standard output. If the string contains any special shell characters, you'll need to escape them (or quote the whole string, and then unquote on the other side of the pipe). I don't remember whether the string it sends to standard output includes a newline (CR+LF) character combination.

    Other than that, I don't have any other suggestions. You may want to look into using a more capable shell (such as PowerShell).


    -- Bill Stewart [Bill_Stewart]

    Friday, March 8, 2019 5:03 AM
    Moderator