krb5_init_context()
Scot McKinley
scot.mckinley at oracle.com
Thu Sep 3 00:08:28 EDT 2020
Hi Greg, in looking at the header files, and your previous reply, it
appears that krb5_init_secure_context() may be exactly what i want.
> I don't think it will solve this problem, as it simply causes the
context to ignore environment variables.
Yes, i want a "krb5_init_context" that "ignores environment variables",
and thus retrieves its config in some other manner. In this case, it
appears that the "other manner" of retrieving config for
"krb5_init_secure_context" is some configuration files, which is a
problem, since we have our OWN config files.
This is strange. Isn't there a way to "init" a krb5 library context just
by *PASSING* the config directly to the init funciton?!?
Regards, Scot
On 9/2/2020 12:51 PM, Scot McKinley wrote:
> Hi Greg, the issue that i am talking about is that krb5_init_context()
> gets its config from the environment var KRB5_CONFIG. We are looking
> for an initialization of the krb5 context that doesn't rely on the
> environment. I was hoping that was krbt_init_secure_context(). Is
> there some OTHER way of passing the config that is retrieved via
> KRB5_CONFIG in a non environment variable manner?
>
> Thanks, Scot
>
> On 9/2/2020 11:56 AM, Greg Hudson wrote:
>> On 9/2/20 2:31 PM, Scot McKinley wrote:
>>> For our use of KfW, we are using krb5_init_context() as our initial
>>> call
>>> to krb5, attempting to use the environment interface defined for the
>>> API. The problem is that env on windows is not well supported and is
>>> buggy (env is actually cached at the loading of particular library).
>> I'm not sure what "the environment interface defined for the API" efers
>> to. But I am aware of
>> https://urldefense.com/v3/__https://krbdev.mit.edu/rt/Ticket/Display.html?id=2636__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46nGfRwDaQ$
>>
>> which unfortunately hasn't been resolved.
>>
>>> I see now that there is another API: krb5_init_secure_context(), which
>>> appears to be created to get around exactly this type of env
>>> problem. Do
>>> you let me know or point me to doc that shows the interface for this
>>> new
>>> function?
>> krb5_init_secure_context() isn't new--it was in the 1.0 release. I
>> don't think it will solve this problem, as it simply causes the context
>> to ignore environment variables. The documentation for it is at:
>>
>> https://urldefense.com/v3/__https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_secure_context.html__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46n1NhXa3M$
>>
>>
>> It seems possible that you meant krb5_init_context_profile(), which was
>> added in release 1.10:
>>
>> https://urldefense.com/v3/__https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_init_context_profile.html__;!!GqivPVa7Brio!I5k04J1RiX44zosubuYy3_bkop72Wh1a9EPuo5rFAFcvY05iFe9qyQKfc46nfpydYts$
>>
>>
>> This interface was created to make it possible to use
>> profile_init_vtable() with a krb5 context. See the comments in
>> profile.h for how to use that.
>>
>> (It would probably be easier if one could create a memory-only profile
>> object, either empty or from a file, and then use profile_add_relation()
>> and/or profile_update_relation() on it. But that hasn't been
>> implemented.)
More information about the krbdev
mailing list