Creating a principal using the kadmin C API

Chris Hecker checker at d6.com
Fri Apr 8 13:53:58 EDT 2022


> Perhaps it would be nicer if one could create an empty in-memory profile
object and populate it with profile_add_relation(), but that is not
currently implemented.

I think I did it this way when I hacked my API in back in days of yore and
it was nice and clean.  I’ll look when I’m at my computer.

Chris


On Thu, Apr 7, 2022 at 22:42 Greg Hudson <ghudson at mit.edu> wrote:

> On 4/7/22 16:19, Lars Francke wrote:
> > We tried to use kadm5_create_principal_3 and kadm5_randkey_principal_3
> but
> > we seem to be running into an issue. Ideally we'd like to call this
> > function with a handle (+ context) with an in-memory krb5.conf but that
> > does not seem to work so we create the files and refer to them in the
> > profile but kadmin still seems to load (is this related to the
> > "alt_profile"?) a file from a default location which means it'll use the
> > wrong connection details.
>
> krb5_init_context_profile() lets you supply a profile object.  If this
> is created with profile_init_path(), the application should be able to
> strictly control which file is used.
>
> It is possible to create an in-memory profile with
> profile_init_vtable().  Perhaps it would be nicer if one could create an
> empty in-memory profile object and populate it with
> profile_add_relation(), but that is not currently implemented.
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>


More information about the Kerberos mailing list