Thanks a lot,

I tried to separate the command, and everything seem ok.

But I had a problem with the command "addprinc", since the java exec pass to
it like a single string (the command was interpreted like "addprinc
lola@SAKURA.COM" and not like "addprinc").

So, my solution was to create a script with parameter separated by spaces
and call it from Java... lovely.

Thanks a lot

Jonathan Córdoba
Certified Ethical Hacker (CEH)
GIAC Certified Forensics Analyst (GCFA)
CompTIA Security+ Certified Professional
Ing. Seguridad Universidad de los Andes
Dirección de Tecnologías de Información (D.T.I.)
Bogotá - Colombia

-----Original Message-----
From: Ken Raeburn [mailto:raeburn@MIT.EDU]
Sent: Martes, 13 de Noviembre de 2007 01:32 p.m.
To: Jonathan Javier Cordoba Gonzalez
Cc: kerberos@mit.edu
Subject: Re: Java Kadmin

On Nov 13, 2007, at 13:09, Jonathan Javier Cordoba Gonzalez wrote:
> Well I’m try to do a interface that admin the user database on
> java. My
> first solution was call kadmin.local from java through
>
> Runtime.getRuntime().exec("kadmin.local –q \"addprinc –pw lola
> lola@SAKURA.COM\"")
>
> Well there seems ok, but when I execute on a linux box the process
> on Java
> tries to connect with the user w@SAKURA.COM... (funny isn’t it?)
> and kadmin
> doesn’t found on KDC.


Sounds like exec isn't parsing the string the way a shell would, and
kadmin.local sees a separate "-pw" argument and takes that as an
indication that the principal name is "w". According to http://
java.sun.com/j2se/1.4.2/docs/api/java/lang/Runtime.html#exec
(java.lang.String) the string is parsed using a StringTokenizer that
doesn't understand quoted strings in the input.

Probably you want to use the exec(String[]) method instead, and
construct the argument array yourself, either as an array directly,
or by more shell-like tokenization.

Ken