Porting k5start to Heimdal
Chaskiel M Grundman
cg2v at andrew.cmu.edu
Thu May 5 12:52:12 EDT 2005
On Wed, 4 May 2005, Russ Allbery wrote:
> Chaskiel M Grundman <cg2v at andrew.cmu.edu> writes:
>
>> It doesn't seem to be inheriting any appdefaults or libdefaults (It
>> acquires 10 hour, non-forwardable, non-addressless tickets, despite my
>> configuration settings), but I know how to fix that if I get motivated
>> to do so.
>
> How? I was assuming that the Kerberos libraries would take care of that
> for me, but apparently not. (Do they even on MIT, or does one always have
> to do that manually?)

Under Heimdal, the mechanism is:

    void
    krb5_get_init_creds_opt_set_default_flags
    (
        krb5_context /*context*/,
        const char * /*appname*/,
        krb5_const_realm /*realm*/,
        krb5_get_init_creds_opt * /*opt*/);

It will acquire defaults from the appname's section of [appdefaults], the
realm's section in [realms] (I think), and the [libdefaults] section, in
that order. The several-year-old MIT sources I have lying around do not
have this function. Instead, krb5_get_init_creds calls krb5_libdefault_*
to get the values of the forwardable, proxiable, renew_lifetime, and
noaddresses libdefaults (but not ticket_lifetime???) if they are not set
in the krb5_get_init_creds_opt structure.
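
A model of the lookup order described in the message above, as an added example that is not part of the original post and is not Heimdal's code: it resolves ticket options for an application named k5start from a constructed krb5.conf and reports which section supplied each value. The helper names conf_get and resolve, the realm EXAMPLE.ORG, the minimal parser and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample krb5.conf; realm name and values are illustrative. */
static const char *SAMPLE_CONF =
    "[libdefaults]\n  forwardable = false\n  renew_lifetime = 7d\n"
    "[realms]\n  EXAMPLE.ORG = {\n    ticket_lifetime = 12h\n  }\n"
    "[appdefaults]\n  k5start = {\n    forwardable = true\n  }\n";

/* Find key in [section]; when block is non-NULL, only inside "block = { }". */
static int conf_get(const char *conf, const char *section, const char *block,
                    const char *key, char *out, size_t outlen)
{
    char sec[64] = "", blk[64] = "", line[256], name[64], val[64];
    while (*conf) {
        size_t len = strcspn(conf, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, conf);
        conf += len + (conf[len] == '\n');
        /* A new [section] header or a closing brace ends the current block. */
        if (sscanf(line, " [%63[^]]]", sec) == 1 || strchr(line, '}')) { blk[0] = '\0'; continue; }
        if (sscanf(line, " %63[^ =] = %63[^\n]", name, val) != 2) continue;
        if (strcmp(val, "{") == 0) { strcpy(blk, name); continue; }
        if (!strcmp(sec, section) && !strcmp(blk, block ? block : "") &&
            !strcmp(name, key)) {
            snprintf(out, outlen, "%s", val);
            return 1;
        }
    }
    return 0;
}

/* Lookup order as the message describes it; returns the layer that answered. */
static const char *resolve(const char *conf, const char *app, const char *realm,
                           const char *key, char *out, size_t outlen)
{
    if (conf_get(conf, "appdefaults", app, key, out, outlen)) return "appdefaults";
    if (conf_get(conf, "realms", realm, key, out, outlen)) return "realms";
    if (conf_get(conf, "libdefaults", NULL, key, out, outlen)) return "libdefaults";
    out[0] = '\0';
    return "unset";  /* nothing configured: the caller is left with built-in defaults */
}

int main(void)
{
    const char *keys[] = { "forwardable", "ticket_lifetime", "renew_lifetime", "proxiable" };
    char val[64];
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        const char *src = resolve(SAMPLE_CONF, "k5start", "EXAMPLE.ORG", keys[i], val, sizeof val);
        printf("%-16s %-6s from %s\n", keys[i], val, src);
    }
    return 0;
}
```

An option reported as "unset" is one where no section of the configuration applies, which is the situation in which a program sees only the library's or KDC's own defaults.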