create krb5 context without config files

[Bin Lu]

Hi Ben,

Thank you very much for your response. 

Krb5_init_context_profile() seems to init a context from an existing profile which could be retrieved from krb5_get_profile(). profile_init_vtable() is not a public API, so should not be recommended to use. 

Seems there isn't any other API to create a Kerberos context without using config files. Could you please confirm?

Thanks,
-binlu  

-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk at MIT.EDU] 
Sent: Tuesday, June 10, 2014 8:22 PM
To: Bin Lu
Cc: krbdev at mit.edu
Subject: Re: create krb5 context without config files

On Tue, 10 Jun 2014, Bin Lu wrote:

> Hi,
>
> Is there a way to create a krb5 lib context without using any config 
> files, include /etc/krb5.conf and files set in environmental variables?
> Assume the realm/domain and kdc server info is already available.

For this I think you need to use krb5_init_context_profile(), with a profile derived from profile_init_vtable() (see <profile.h>).

I see that your previous message did not get answered, but it looks like if you are asking this question, you have gotten past it.  I will note that the server doing password verification will need to have kerberos credentials of its own and take care to avoid the Zanarotti attack.

-Ben Kaduk