MIT krb5 has no "site" support.
Donn Cave
donn at u.washington.edu
Fri Sep 1 12:44:11 EDT 2006
In article <pan.2006.09.01.01.34.00.239909 at samba.org>,
Jeremy Allison <jra at samba.org> wrote:
> On Thu, 31 Aug 2006 12:22:47 -0700, Donn Cave wrote:
>
> > Custom krb5.conf isn't very elegant, but apart from that, would you agree
> > that this fits in the general area of configuration data from alternate
> > sources?
> >
> > I mean, it seems like it would be better to use the existing configurable
> > library parameters if possible, rather than add to what's already a fairly
> > complex configuration diagram. Would something like the following be an
> > improvement?
> >
> > include "k5-int.h"
> >
> > const char *kdc[4] = {"realms", 0, "kdc", 0};
> >
> > kdc[1] = this_realm;
> >
> > err = profile_clear_relation(kcontext->profile, kdc);
> >
> > err = profile_add_relation(kcontext->profile, kdc, localkdc);
>
> Interesting - are you saying there's already a way in 1.5.x
> to do this ? I can create a context then manipulate the
> KDC -> IP address association in it ? I notice you're
> using k5-int.h - I take it this is an internal only API.
Yes, I suppose it's internal. Ideally, Ithink MIT
probably recognizes that this functionality is needed
in some form, though, even if they're not committed to
this particular way to achieve it.
I don't actually know whether the above works in 1.5.x -
due static build requirements, I have elected to stay with
1.4 while I can, and that's where I tested the above.
It's effectively the same as a custom krb5.conf, with
respect to that one parameter.
Donn Cave, donn at u.washington.edu
More information about the Kerberos
mailing list