Is there a way to steer kinit to a specific kdc?
Carson Gaspar
carson at taltos.org
Wed Apr 5 12:33:17 EDT 2023
On 4/5/2023 9:11 AM, Greg Hudson wrote:
> On 4/5/23 00:52, Dan Mahoney (Gushi) wrote:
>> Can neither mit kinit nor the heimdal one supplied with BSD systems
>> by default, not just be forced to a single KDC?
>
> It can't, and the library APIs don't really enable it.
If krb5_init_context_profile() actually did what it said, rather than
creating a new profile based on the embedded profile path, it would be
easy (profile_init_path(), change the KDC settings in the profile, pass
it to krb5_init_context_profile()). As is you have to manipulate
internal-only krb5 context struct data to override anything.
There was a thread a while ago discussing fixing this API mistake - did
it ever go anywhere?
--
Carson
More information about the Kerberos
mailing list