Skip to main content

verify_credential

Function verify_credential 

Source
pub fn verify_credential(
    tools: &Tools,
    identity: &MachineIdentity,
) -> Result<()>
Expand description

Prove the machine credential works: kinit -k into a private throwaway cache, then destroy it. Equivalent to adcli testjoin.

The cache lives in a freshly-created private (0700) directory rather than a predictable bare path in /tmpmkdir fails on a pre-existing entry (including an attacker’s symlink), so root never writes a ticket through a path someone else planted.