[39072] in Kerberos
Re: Creating a principal using the kadmin C API
daemon@ATHENA.MIT.EDU (Lars Francke)
Fri Apr 8 05:59:58 2022
MIME-Version: 1.0
In-Reply-To: <733bbe58-7c13-8abc-f0e6-3cbe979540ed@mit.edu>
From: Lars Francke <lars.francke@gmail.com>
Date: Fri, 8 Apr 2022 11:56:39 +0200
Message-ID: <CAD-Ua_h4BfxWMKZu+QqJCNUemWux56jmQ+J5U8LWqYFgJjGPwg@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Thank you. We'll look into this again next week and will see if we can get
it running.
We must have taken a wrong turn somewhere.
Good to hear that it _should_ work!
On Fri, Apr 8, 2022 at 6:35 AM Greg Hudson <ghudson@mit.edu> wrote:
> On 4/7/22 16:19, Lars Francke wrote:
> > We tried to use kadm5_create_principal_3 and kadm5_randkey_principal_3
> but
> > we seem to be running into an issue. Ideally we'd like to call this
> > function with a handle (+ context) with an in-memory krb5.conf but that
> > does not seem to work so we create the files and refer to them in the
> > profile but kadmin still seems to load (is this related to the
> > "alt_profile"?) a file from a default location which means it'll use the
> > wrong connection details.
>
> krb5_init_context_profile() lets you supply a profile object. If this
> is created with profile_init_path(), the application should be able to
> strictly control which file is used.
>
> It is possible to create an in-memory profile with
> profile_init_vtable(). Perhaps it would be nicer if one could create an
> empty in-memory profile object and populate it with
> profile_add_relation(), but that is not currently implemented.
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
