[39083] in Kerberos
Re: Creating a principal using the kadmin C API
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat May 7 02:29:03 2022
Message-ID: <e9dbf862-9235-d0ec-0c9e-eedc9ab80a81@mit.edu>
Date: Sat, 7 May 2022 02:24:58 -0400
MIME-Version: 1.0
Content-Language: en-US
To: =?UTF-8?Q?Teo_Klestrup_R=c3=b6ijezon?= <teo.roijezon@stackable.de>
Cc: kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <2957453.irdbgypaU6@teo-dator-newarch>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Many apologies; this got filed into my spam folder and I only just found it.
On 4/11/22 11:09, Teo Klestrup Röijezon wrote:
> profile_init_vtable() (or building it with profile_add_relation()) would be
> ideal, yes.
[...]
> However, the kadm5_init_*() family of functions (via init_any()) calls
> kadm5_get_config_params(), which in turn always loads its own profile by calling
> krb5_aprof_init() with a hard-coded choice of either DEFAULT_PROFILE_PATH or
> DEFAULT_KDC_PROFILE. This _is_ possible to override with environment
> variables, but that's a pretty big ask when linking to the library in-process.
I think this is a bug; the init functions and kadm5_get_config_params()
should use the profile object from the context argument. I have a
candidate patch that passes tests.
Unfortunately I don't think there's a viable workaround beyond the
options you have already considered.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
