Creating a principal using the kadmin C API
Greg Hudson
ghudson at mit.edu
Sat May 7 02:24:58 EDT 2022
Many apologies; this got filed into my spam folder and I only just found it.
On 4/11/22 11:09, Teo Klestrup Röijezon wrote:
> profile_init_vtable() (or building it with profile_add_relation()) would be
> ideal, yes.
[...]
> However, the kadm5_init_*() family of functions (via init_any()) calls
> kadm5_get_config_params(), which in turn always loads its own profile by calling
> krb5_aprof_init() with a hard-coded choice of either DEFAULT_PROFILE_PATH or
> DEFAULT_KDC_PROFILE. This _is_ possible to override with environment
> variables, but that's a pretty big ask when linking to the library in-process.
I think this is a bug; the init functions and kadm5_get_config_params()
should use the profile object from the context argument. I have a
candidate patch that passes tests.
Unfortunately I don't think there's a viable workaround beyond the
options you have already considered.