kadm headers

[Marcus Watts]

"Moritz" == Moritz Bechler <mbechler at eenterphace.org> wrote:
...
> Hi, I'm currently working on a administrative tool to
> manage different services a mit kdc amongst them and now
> wanted to know whether there is any specific reason for
> the kadmin headers not being installed?
...

We do something somewhat similar.  There are most likely just
2 files that you need to link to kadm5.  In a configured & built
mit k5 tree, they appear as:
	include/kadm5/admin.h
	include/kadm5/kadm_err.h
You'll probably want to copy these files elsewhere.
You can use kadm_err.h as is.
admin.h includes several include files you probably don't
need (and certainly don't need included here ).
Here's a perl command to hack them out:
	perl -pi -e 'BEGIN{$p=
	qr(<gssrpc/rpc.h|k5-int.h|kadm5/adb_err.h|kadm5/chpass_util_strings.h>);}
	print "//!Moritz "if (m/$p/);' admin.h

Note that since MIT doesn't support kadm5 as a "public" interface
there's no guarantee this will continue to work from version to version.

With -I's pointed at your regular installed headers & the modified
kadm5 headers, you should able to use:
	krb5.h
	krb5/kdb.h
	kadm5/kadm_err.h
	kadm5/admin.h
I don't think you need gssrpc/rpc.h or rpc/xdr.h or anything else.
You might need to do something about krb5/kdb.h, if your version
didn't install that.  krb5/kdb.h is in the source tree.

You may also find it interesting to look at
	Authen::Krb5::Admin
available from cpan.  They just copy the necessary data declarations
(kadm5_principal_ent_rec, kadm5_policy_ent_rec, krb5_tl_data,
krb5_key_data, etc.) into their code (probably changing the name.)
You could take that source, throw away the perl module, and keep the
data types.  The MIT folks are good about preserving wire level
compatibility between different versions of kerberos, so this is a
more dependable and safe approach than might seem to be the case.

				-Marcus Watts
				University of Michigan