[20157] in Kerberos_V5_Development
Re: krb5_init_context()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Sep 2 14:57:12 2020
To: Scot McKinley <scot.mckinley@oracle.com>, <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <b3dd88b4-e4a7-6f95-cae8-81bf35eb2476@mit.edu>
Date: Wed, 2 Sep 2020 14:56:37 -0400
MIME-Version: 1.0
In-Reply-To: <86b464bc-12d7-27dc-55f3-1678d7d469c7@oracle.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 9/2/20 2:31 PM, Scot McKinley wrote:
> For our use of KfW, we are using krb5_init_context() as our initial call
> to krb5, attempting to use the environment interface defined for the
> API. The problem is that env on windows is not well supported and is
> buggy (env is actually cached at the loading of particular library).
I'm not sure what "the environment interface defined for the API" efers
to. But I am aware of
https://krbdev.mit.edu/rt/Ticket/Display.html?id=2636
which unfortunately hasn't been resolved.
> I see now that there is another API: krb5_init_secure_context(), which
> appears to be created to get around exactly this type of env problem. Do
> you let me know or point me to doc that shows the interface for this new
> function?
krb5_init_secure_context() isn't new--it was in the 1.0 release. I
don't think it will solve this problem, as it simply causes the context
to ignore environment variables. The documentation for it is at:
https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_secure_context.html
It seems possible that you meant krb5_init_context_profile(), which was
added in release 1.10:
https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_context_profile.html
This interface was created to make it possible to use
profile_init_vtable() with a krb5 context. See the comments in
profile.h for how to use that.
(It would probably be easier if one could create a memory-only profile
object, either empty or from a file, and then use profile_add_relation()
and/or profile_update_relation() on it. But that hasn't been implemented.)
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
