[20159] in Kerberos_V5_Development
Re: krb5_init_context()
daemon@ATHENA.MIT.EDU (Scot McKinley)
Thu Sep 3 02:08:36 2020
From: Scot McKinley <scot.mckinley@oracle.com>
To: Greg Hudson <ghudson@mit.edu>, krbdev@mit.edu
Message-ID: <18854aca-994d-9172-1511-c175e70c7eae@oracle.com>
Date: Wed, 2 Sep 2020 21:08:28 -0700
MIME-Version: 1.0
In-Reply-To: <dd745617-2d5a-58be-51de-93f805b9fa74@oracle.com>
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi Greg, in looking at the header files, and your previous reply, it
appears that krb5_init_secure_context() may be exactly what i want.
> I don't think it will solve this problem, as it simply causes the
context to ignore environment variables.
Yes, i want a "krb5_init_context" that "ignores environment variables",
and thus retrieves its config in some other manner. In this case, it
appears that the "other manner" of retrieving config for
"krb5_init_secure_context" is some configuration files, which is a
problem, since we have our OWN config files.
This is strange. Isn't there a way to "init" a krb5 library context just
by *PASSING* the config directly to the init funciton?!?
Regards, Scot
On 9/2/2020 12:51 PM, Scot McKinley wrote:
> Hi Greg, the issue that i am talking about is that krb5_init_context()
> gets its config from the environment var KRB5_CONFIG. We are looking
> for an initialization of the krb5 context that doesn't rely on the
> environment. I was hoping that was krbt_init_secure_context(). Is
> there some OTHER way of passing the config that is retrieved via
> KRB5_CONFIG in a non environment variable manner?
>
> Thanks, Scot
>
> On 9/2/2020 11:56 AM, Greg Hudson wrote:
>> On 9/2/20 2:31 PM, Scot McKinley wrote:
>>> For our use of KfW, we are using krb5_init_context() as our initial
>>> call
>>> to krb5, attempting to use the environment interface defined for the
>>> API. The problem is that env on windows is not well supported and is
>>> buggy (env is actually cached at the loading of particular library).
>> I'm not sure what "the environment interface defined for the API" efers
>> to. But I am aware of
>> https://urldefense.com/v3/__https://krbdev.mit.edu/rt/Ticket/Display.html?id=2636__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46nGfRwDaQ$
>>
>> which unfortunately hasn't been resolved.
>>
>>> I see now that there is another API: krb5_init_secure_context(), which
>>> appears to be created to get around exactly this type of env
>>> problem. Do
>>> you let me know or point me to doc that shows the interface for this
>>> new
>>> function?
>> krb5_init_secure_context() isn't new--it was in the 1.0 release. I
>> don't think it will solve this problem, as it simply causes the context
>> to ignore environment variables. The documentation for it is at:
>>
>> https://urldefense.com/v3/__https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_secure_context.html__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46n1NhXa3M$
>>
>>
>> It seems possible that you meant krb5_init_context_profile(), which was
>> added in release 1.10:
>>
>> https://urldefense.com/v3/__https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_context_profile.html__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46nfpydYts$
>>
>>
>> This interface was created to make it possible to use
>> profile_init_vtable() with a krb5 context. See the comments in
>> profile.h for how to use that.
>>
>> (It would probably be easier if one could create a memory-only profile
>> object, either empty or from a file, and then use profile_add_relation()
>> and/or profile_update_relation() on it. But that hasn't been
>> implemented.)
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
