How to extend kadmin

Jeffrey Hutzelman jhutz at
Tue Oct 27 12:20:38 EDT 2009

--On Tuesday, October 27, 2009 10:59:06 AM -0500 Nicolas Williams 
<Nicolas.Williams at> wrote:

>> * However, Nico notes that the way we marshal krb5_principal is
>> problematic for using rpcgen.  I looked into this myself: we call
>> krb5_unparse_name on encode and krb5_parse_name on decode.  Does rpcgen
>> support app-defined encoding functions for particular fields?  If not, I
>> am doubtful that we will ever be in the position of being able to use
>> a .x file to define the kadmin protocol without starting over.
> No, you can't, but what you could do is declare the kadm5 krb5 princ
> data type to be "opaque" and then do the parsing/unparsing at the
> application layer.
> Ah, so, yes, you can handle krb5 princ names the Right Way (tm).

You could make it opaque, but given that it's the output of 
krb5_unparse_name(), IMHO it would be better to call a string<> a string<>.

More information about the krbdev mailing list