Thank you! Yeah, our problem is that we want to create Keytabs for multiple different KDCs automatically. I would still be very much interested in your code, I assume we can still learn something and then - together with Greg's answer - figure out what we need to do.
On Fri, Apr 8, 2022 at 3:49 AM Chris Hecker <chec...@d6.com> wrote: > > I use the kadm5 api to create princs and change keys. I do this with a > memory keytab (well, I load a disk keytab while root, copy it to a > memory keytab, and then drop privs), but I assume it's using the default > system /etc/krb5.conf. I do have my krb5 client stuff build an > in-memory conf and I hacked an API in for using that because there > didn't used to be a way to do that, I think there is now, but I don't do > kadm5 stuff the same way. > > I'm happy to post my code for making princs and randkeying if you'd > like. > > Chris > > > > ------ Original Message ------ > From: "Lars Francke" <lars.fran...@gmail.com> > To: kerberos@mit.edu > Sent: 2022-04-07 13:19:50 > Subject: Creating a principal using the kadmin C API > > >Hi everyone, > > > >we're trying to create principals and keys using the kadmin C API. > >The normal API has some documentation[1] but unfortunately the kadmin API > >doesn't have any we could find. > > > >We tried to use kadm5_create_principal_3 and kadm5_randkey_principal_3 but > >we seem to be running into an issue. Ideally we'd like to call this > >function with a handle (+ context) with an in-memory krb5.conf but that > >does not seem to work so we create the files and refer to them in the > >profile but kadmin still seems to load (is this related to the > >"alt_profile"?) a file from a default location which means it'll use the > >wrong connection details. > > > >I am sorry for the vague description, it's been two weeks since we tried > >and I only now get around to writing it down. I'm happy to provide more > >details. > > > >In general though my question is whether there's a good way (maybe even an > >example and/or docs) to programatically create principals and keys using > >the kadmin API without resorting to calling kadmin and parsing stdout etc. > > > >Thank you very much for your help. > > > >Cheers, > >Lars > > > >[1] < > https://web.mit.edu/kerberos/krb5-1.19/doc/appdev/refs/api/index.html> > >________________________________________________ > >Kerberos mailing list Kerberos@mit.edu > >https://mailman.mit.edu/mailman/listinfo/kerberos > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
