[20158] in Kerberos_V5_Development


Re: krb5_init_context()

daemon@ATHENA.MIT.EDU (Scot McKinley)
Wed Sep 2 16:19:43 2020

To: Greg Hudson <ghudson@mit.edu>, krbdev@mit.edu
From: Scot McKinley <scot.mckinley@oracle.com>
Message-ID: <dd745617-2d5a-58be-51de-93f805b9fa74@oracle.com>
Date: Wed, 2 Sep 2020 12:51:06 -0700
In-Reply-To: <b3dd88b4-e4a7-6f95-cae8-81bf35eb2476@mit.edu>

Hi Greg, the issue that I am talking about is that krb5_init_context() 
gets its config from the environment var KRB5_CONFIG. We are looking for 
an initialization of the krb5 context that doesn't rely on the 
environment.  I was hoping that was krb5_init_secure_context(). Is there 
some OTHER way of passing the config that is retrieved via KRB5_CONFIG 
in a non environment variable manner?

Thanks, Scot

On 9/2/2020 11:56 AM, Greg Hudson wrote:
> On 9/2/20 2:31 PM, Scot McKinley wrote:
>> For our use of KfW, we are using krb5_init_context() as our initial call
>> to krb5, attempting to use the environment interface defined for the
>> API. The problem is that env on windows is not well supported and is
>> buggy (env is actually cached at the loading of particular library).
> I'm not sure what "the environment interface defined for the API" refers
> to.  But I am aware of
> https://krbdev.mit.edu/rt/Ticket/Display.html?id=2636
> which unfortunately hasn't been resolved.
>
>> I see now that there is another API: krb5_init_secure_context(), which
>> appears to be created to get around exactly this type of env problem. Could
>> you let me know or point me to doc that shows the interface for this new
>> function?
> krb5_init_secure_context() isn't new--it was in the 1.0 release.  I
> don't think it will solve this problem, as it simply causes the context
> to ignore environment variables.  The documentation for it is at:
>
> https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_secure_context.html
>
> It seems possible that you meant krb5_init_context_profile(), which was
> added in release 1.10:
>
> https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_context_profile.html
>
> This interface was created to make it possible to use
> profile_init_vtable() with a krb5 context.  See the comments in
> profile.h for how to use that.
>
> (It would probably be easier if one could create a memory-only profile
> object, either empty or from a file, and then use profile_add_relation()
> and/or profile_update_relation() on it.  But that hasn't been implemented.)
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev