[39070] in Kerberos
Re: Creating a principal using the kadmin C API
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Apr 8 00:39:06 2022
Message-ID: <733bbe58-7c13-8abc-f0e6-3cbe979540ed@mit.edu>
Date: Fri, 8 Apr 2022 00:35:29 -0400
MIME-Version: 1.0
Content-Language: en-US
To: Lars Francke <lars.francke@gmail.com>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <CAD-Ua_ifa=vo4PEzy3kx-5FB3J+hhN_2BTuS7O=E+hfudRbV4Q@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 4/7/22 16:19, Lars Francke wrote:
> We tried to use kadm5_create_principal_3 and kadm5_randkey_principal_3 but
> we seem to be running into an issue. Ideally we'd like to call this
> function with a handle (+ context) with an in-memory krb5.conf but that
> does not seem to work so we create the files and refer to them in the
> profile but kadmin still seems to load (is this related to the
> "alt_profile"?) a file from a default location which means it'll use the
> wrong connection details.
krb5_init_context_profile() lets you supply a profile object. If this
is created with profile_init_path(), the application should be able to
strictly control which file is used.
It is possible to create an in-memory profile with
profile_init_vtable(). Perhaps it would be nicer if one could create an
empty in-memory profile object and populate it with
profile_add_relation(), but that is not currently implemented.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
