Add --quiet option to ipa-getkeytab

Return message on success
Avoid SASL output from being printed
Make sure the man page is up to date

ipa-client/ipa-getkeytab.c

@@ -330,7 +330,7 @@ static int ldap_set_keytab(const char *servername,
 	ret = ldap_sasl_interactive_bind_s(ld,
 					   NULL, "GSSAPI",
 					   NULL, NULL,
-					   LDAP_SASL_AUTOMATIC,
+					   LDAP_SASL_QUIET,
 					   ldap_sasl_interact, princ);
 	if (ret != LDAP_SUCCESS) {
 		fprintf(stderr, "SASL Bind failed!\n");
@@ -449,11 +449,13 @@ int main(int argc, char *argv[])
 	static const char *principal = NULL;
 	static const char *keytab = NULL;
 	static const char *enctypes_string = NULL;
+	int quiet = 0;
         struct poptOption options[] = {
                 { "server", 's', POPT_ARG_STRING, &server, 0, "Contact this specific KDC Server", "Server Name" },
                 { "principal", 'p', POPT_ARG_STRING, &principal, 0, "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)", "Kerberos Service Principal Name" },
                 { "keytab", 'k', POPT_ARG_STRING, &keytab, 0, "File were to store the keytab information", "Keytab File Name" },
 		{ "enctypes", 'e', POPT_ARG_STRING, &enctypes_string, 0, "Encryption types to request", "Comma separated encription types list" },
+		{ "quiet", 'q', POPT_ARG_NONE, &quiet, 0, "Print as little as possible", "Output only on errors"},
 		{ NULL, 0, POPT_ARG_NONE, NULL, 0, NULL, NULL }
 	};
 	poptContext pc;
@@ -474,7 +476,9 @@ int main(int argc, char *argv[])
 	pc = poptGetContext("ipa-getkeytab", argc, (const char **)argv, options, 0);
 	ret = poptGetNextOpt(pc);
 	if (ret != -1 || !server || !principal || !keytab) {
-		poptPrintUsage(pc, stderr, 0);
+		if (!quiet) {
+			poptPrintUsage(pc, stderr, 0);
+		}
 		exit(1);
 	}
 
@@ -560,5 +564,10 @@ int main(int argc, char *argv[])
 		exit (12);
 	}
 
+	if (!quiet) {
+		fprintf(stderr,
+			"Keytab successfully retrieved and stored in: %s\n",
+			keytab);
+	}
 	exit(0);
 }

ipa-client/man/ipa-getkeytab.1

@@ -15,16 +15,16 @@
 .\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 .\" 
 .\" Author: Karl MacMillan <kmacmill@redhat.com>
+.\" Author: Simo Sorce <ssorce@redhat.com>
 .\" 
 .TH "ipa-getkeytab" "1" "Oct 10 2007" "freeipa" ""
 .SH "NAME"
 ipa\-getkeytab \- Get a keytab for a kerberos principal
 .SH "SYNOPSIS"
-ipa\-getkeytab [\fI-a\fR] \fIprincipal-name\fR \fIfile-name\fR
+ipa\-getkeytab <\fI-s ipaserver\fR> <\fI-p principal-name\fR> <\fI-k keytab-file\fR> [\fI-e encryption-types\fR] [\fI-q\fR]
 
 .SH "DESCRIPTION"
-Retrieves a kerberos \fIkeytab\fR and optionally adds a
-service \fIprincipal\fR.
+Retrieves a kerberos \fIkeytab\fR.
 
 Kerberos keytabs are used for services (like sshd) to
 perform kerberos authentication. A keytab is a file
@@ -41,7 +41,7 @@ is an example principal for an ldap server:
 
 When using ipa-getkeytab the realm name is already
 provided, so the principal name is just the service
-name and hostname (ldap/foo.example.com from the 
+name and hostname (ldap/foo.example.com from the
 example above).
 
 \fBWARNING:\fR retrieving the keytab resets the secret
@@ -49,15 +49,29 @@ rendering all other keytabs for that principal invalid.
 
 .SH "OPTIONS"
 .TP 
-\fB\-a\fR
-Add the service principal in addition to getting the keytab
+\fB\-s ipaserver\fR
+The IPA Server to retrieve the keytab from (FQDN).
+
+\fB\-p principal-name\fR
+The non realm part of the full principal name.
+
+\fB\-k keytab-file\fR
+The keytab file where to append the new key (will be
+created if not existing).
+
+\fB\-e encryption-types\fR
+The list of encryption types to use to generate keys.
+ipa-getkeytab will use local client defaults if not provided.
+
+\fB\-q\fR
+Keep quiet.
 
 .SH "EXAMPLES"
 
 Add and retrieve a keytab for the ldap service principal on
 the host foo.example.com and save it in the file ldap.keytab.
 
-   # ipa-getkeytab -a ldap/foo.example.com ldap.keytab
+   # ipa-getkeytab -s ipaserver.example.com -p nfs/foo.example.com -k /tmp/ldap.keytab -e des-cbc-crc
 
 .SH "EXIT STATUS"
 The exit status is 0 on success, nonzero on error.