fix(krb5): use uuid as user keytab name

zncdatadev · Jan 9, 2025 · 97d4211 · 97d4211
1 parent 280d56c
commit 97d4211
Showing 1 changed file with 4 additions and 10 deletions.
diff --git a/pkg/kerberos/kadmin.go b/pkg/kerberos/kadmin.go
@@ -3,11 +3,14 @@ package kerberos
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"fmt"
 	"os"
 	"os/exec"
+	"path"
 	"strings"
 	"sync"
 
+	"github.com/google/uuid"
 	ctrl "sigs.k8s.io/controller-runtime"
 )
 
@@ -123,17 +126,8 @@ func (k *Kadmin) Query(query string) (result string, err error) {
 // Ktadd generates a keytab file for the given principals
 // Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]
 func (k *Kadmin) Ktadd(principals ...string) ([]byte, error) {
-	// Create a temporary file for the keytab
-	tmpFile, err := os.CreateTemp("", "*.keytab")
-	if err != nil {
-		logger.Error(err, "Failed to create temporary keytab file")
-		return nil, err
-	}
-	keytab := tmpFile.Name()
+	keytab := path.Join(os.TempDir(), fmt.Sprintf("%s.keytab", uuid.New().String()))
 	defer func() {
-		if closeErr := tmpFile.Close(); closeErr != nil {
-			logger.Error(closeErr, "Failed to close temporary keytab file")
-		}
 		if err := os.RemoveAll(keytab); err != nil {
 			logger.Error(err, "Failed to remove keytab")
 		}