I use the kadm5 api to create princs and change keys. I do this with a memory keytab (well, I load a disk keytab while root, copy it to a memory keytab, and then drop privs), but I assume it's using the default system /etc/krb5.conf. I do have my krb5 client stuff build an in-memory conf and I hacked an API in for using that because there didn't used to be a way to do that, I think there is now, but I don't do kadm5 stuff the same way.
I'm happy to post my code for making princs and randkeying if you'd like.
Chris ------ Original Message ------ From: "Lars Francke" <lars.fran...@gmail.com> To: kerberos@mit.edu Sent: 2022-04-07 13:19:50 Subject: Creating a principal using the kadmin C API
Hi everyone, we're trying to create principals and keys using the kadmin C API. The normal API has some documentation[1] but unfortunately the kadmin API doesn't have any we could find. We tried to use kadm5_create_principal_3 and kadm5_randkey_principal_3 but we seem to be running into an issue. Ideally we'd like to call this function with a handle (+ context) with an in-memory krb5.conf but that does not seem to work so we create the files and refer to them in the profile but kadmin still seems to load (is this related to the "alt_profile"?) a file from a default location which means it'll use the wrong connection details. I am sorry for the vague description, it's been two weeks since we tried and I only now get around to writing it down. I'm happy to provide more details. In general though my question is whether there's a good way (maybe even an example and/or docs) to programatically create principals and keys using the kadmin API without resorting to calling kadmin and parsing stdout etc. Thank you very much for your help. Cheers, Lars [1] <https://web.mit.edu/kerberos/krb5-1.19/doc/appdev/refs/api/index.html> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
