Creating a principal using the kadmin C API
Chris Hecker
checker at d6.com
Thu Apr 7 21:40:38 EDT 2022
I use the kadm5 api to create princs and change keys. I do this with a
memory keytab (well, I load a disk keytab while root, copy it to a
memory keytab, and then drop privs), but I assume it's using the default
system /etc/krb5.conf. I do have my krb5 client stuff build an
in-memory conf and I hacked an API in for using that because there
didn't used to be a way to do that, I think there is now, but I don't do
kadm5 stuff the same way.
I'm happy to post my code for making princs and randkeying if you'd
like.
Chris
------ Original Message ------
From: "Lars Francke" <lars.francke at gmail.com>
To: kerberos at mit.edu
Sent: 2022-04-07 13:19:50
Subject: Creating a principal using the kadmin C API
>Hi everyone,
>
>we're trying to create principals and keys using the kadmin C API.
>The normal API has some documentation[1] but unfortunately the kadmin API
>doesn't have any we could find.
>
>We tried to use kadm5_create_principal_3 and kadm5_randkey_principal_3 but
>we seem to be running into an issue. Ideally we'd like to call this
>function with a handle (+ context) with an in-memory krb5.conf but that
>does not seem to work so we create the files and refer to them in the
>profile but kadmin still seems to load (is this related to the
>"alt_profile"?) a file from a default location which means it'll use the
>wrong connection details.
>
>I am sorry for the vague description, it's been two weeks since we tried
>and I only now get around to writing it down. I'm happy to provide more
>details.
>
>In general though my question is whether there's a good way (maybe even an
>example and/or docs) to programatically create principals and keys using
>the kadmin API without resorting to calling kadmin and parsing stdout etc.
>
>Thank you very much for your help.
>
>Cheers,
>Lars
>
>[1] <https://web.mit.edu/kerberos/krb5-1.19/doc/appdev/refs/api/index.html>
>________________________________________________
>Kerberos mailing list Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list