Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

If you have a procedure with 10 parameters, you probably missed some.


computers / comp.protocols.kerberos / Re: Creating a principal using the kadmin C API

SubjectAuthor
o Re: Creating a principal using the kadmin C APIGreg Hudson

1
Subject: Re: Creating a principal using the kadmin C API
From: Greg Hudson
Newsgroups: comp.protocols.kerberos
Organization: TNet Consulting
Date: Sat, 7 May 2022 06:24 UTC
References: 1 2 3 4
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: ghud...@mit.edu (Greg Hudson)
Newsgroups: comp.protocols.kerberos
Subject: Re: Creating a principal using the kadmin C API
Date: Sat, 7 May 2022 02:24:58 -0400
Organization: TNet Consulting
Lines: 18
Message-ID: <mailman.51.1651904708.8148.kerberos@mit.edu>
References: <CAD-Ua_ifa=vo4PEzy3kx-5FB3J+hhN_2BTuS7O=E+hfudRbV4Q@mail.gmail.com>
<733bbe58-7c13-8abc-f0e6-3cbe979540ed@mit.edu>
<2957453.irdbgypaU6@teo-dator-newarch>
<e9dbf862-9235-d0ec-0c9e-eedc9ab80a81@mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="27752"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.7.0
Cc: kerberos@mit.edu
To: Teo_Klestrup_Röijezon <teo.roijezon@stackable.de>
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=SQ+KbPAf9SQ4PRbuJWZjW02lpE1bsaZ/KhMZAAcEPRoe8xbotAE0NOD2ra8j1+WuTTHATG6vBMgq6tJha+dMXZW1ji65uGzkUUX5vyckWhxuQCaRvo2YMTfgELOF+w4sFA5MdiK6118Prgi+Cv4irsZ2+nXS+Ah2RzyhgoEm+ueSCQmPfyNHEQE9ZPt3XLKuMiUhc/BxYRpFPNR6nTrHioQyGOWg+2jeKLYptbQEDLaR6XhJ3YsCfmgwWZbc0quZBKJRb6/NLaDz5Cu2/IRIofNRudvmi7/eH5gmumjfYdZpTIWTMpwfra3KiJbgyx87Yw6FE6Zmg4716GJBZ7cVjw==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=EFg/lI3Wrx2kl9gyg84wYyn5xPa13UtQY9YLkwg5Zzw=;
b=SWuGQpXwDBsPNyn4GFZ6le+2apJFyVmwVdV4Asd3k8PWw/FChHN+d/gUIwTyihxcEN4C7k2u6efi1ce1LjjfOx7SvPZfIzmxXX8gRH50TP/Gt9sRhYrAnVcK0meCPRNSJjW4gCMROeMB6nIUDpnLndoUzqYPCPjuuqIupZ6z9CBeib+2bkwhiWHZUr7k+rkxKWFPfDlbXw0U1Fm9H8Ms1rKBEfI2muAjPtdVbWEl6uaOeV+EuNDX3JDHHsaHJQuDmeIjJPrdq7V/4z862ofn+TCz7amM8WXaswsYj7lg2BZTfJv7VcltrO6ekJX5zLnuVLd6fz48Jgdx01P2VpGSyA==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
18.9.28.11) smtp.rcpttodomain=mit.edu smtp.mailfrom=mit.edu; dmarc=pass
(p=none sp=none pct=100) action=none header.from=mit.edu; dkim=pass
(signature was verified) header.d=mit.edu; arc=pass (0 oda=0 ltdi=0 93)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=EFg/lI3Wrx2kl9gyg84wYyn5xPa13UtQY9YLkwg5Zzw=;
b=j76ZwZReaZG3iRFrmLaY1TufKtD+4HMpt4yyjQQ3jyt+BnUW71I6/xkjHBzbby+WOYZJv3fiAQ6WI0wkPAOi+nPSWfB4CfillwzPpQNGP/r791OqJswmBy4KBgNK5SUxGf/cyeRt8q7OrwFIyzHv7KekOPSVuLUH8gwhrhb7HLQ=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=fGsPcFf2YHesm/RZ00kjYtEvTRHJViYhZVxT95AIPbPetz/K78/tXZGdUhTK8+NXEGOUgtynNdJJ/N/XJcEW21OmFmaWiMGvN9uTgCL2hflv9EoKgqweSf/2lwZECjHEpg6ylxgeAp8ysLlDvXJsp0m6mvXInMG6mg57nnuG26I5iKZV/At5lengug5Kocxa/jmXxh5U0YG9tRSNNIJ/TrsOggXMQeMH91g7eYYfp2bDKCSVL+E4fjlSFO7ks12hd51AcQwdebbl6drK0Y1LBMZJPd7vIGbbjIF9WNrcbD91kJ6Pu5VjQB8RLWeGCyVtjHDGZZzNXkdclbSobl3hzQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=EFg/lI3Wrx2kl9gyg84wYyn5xPa13UtQY9YLkwg5Zzw=;
b=K5WEPgpaGo25vd4cqgBbcyqrTApxR/6UArYGX1s4p9+b77cP9WirfEkS7xfqu2SzEkAKmj2AXEHqR8ws8ZRXq7DslevKVJoLhcDtg0kzItEHOvyTa7i1a4jko8O1KAttOM+LMQ4oNB7d/8r0aPpXRwNajAcIXrvlmjLZ6a9crX0f067z0FjCg6puoXBDvCUUiqKWQpAG4kfBH5FQaHyTeYRwCV6I1huT5dqoHEk8FgEwY0dB+Klb5fyfAv8ZoTPaBLTZEYDyUGMZk2fmFOthA+SFjdaKHOfVVDQ0FqGXfLfu34RBYikEZRwz/nyeGzUq1xwVLwmLgKn3xpvpHK37Dg==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
18.9.28.11) smtp.rcpttodomain=mit.edu smtp.mailfrom=mit.edu; dmarc=pass
(p=none sp=none pct=100) action=none header.from=mit.edu; dkim=pass
(signature was verified) header.d=mit.edu; arc=pass (0 oda=0 ltdi=0 93)
Authentication-Results: spf=pass (sender IP is 18.9.28.11)
smtp.mailfrom=mit.edu; dkim=pass (signature was verified)
header.d=mit.edu;dmarc=pass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates
18.9.28.11 as permitted sender) receiver=protection.outlook.com;
client-ip=18.9.28.11; helo=outgoing.mit.edu;
Authentication-Results-Original: mit.edu; arc=none
ARC-Seal: i=1; a=rsa-sha256; d=mit.edu; s=arc; t=1651904701; cv=none;
b=JLKqzGMG0Tw8mOBsARisKnoXd+9HZCP25gIfxoxv8e2nQrnNFqC62WG7RWzUp33/r6fcwwprTovsZgvc8Q5L0J+KSRIIo84vfgZtGQ1wyxr/gWs5wgS4yN0TQtYUetWAKcSGysWjnpnCtA55x8XtPsDNkvY2/K+iFfSsA20lJCQlno4nKghbyw1Wr5NKg8iuGTAdgj41jPkKLTgM3PlEumPIEVjqiyu4Uz17GBPQq9xpag5fJZ3sH3acevyLBpi/GsbRnBDYDWXfTYNccdxn8xqOE5vuBUFltIf32tf0Rb7xZW1GCUIC8B+GFrW9wwKih11RXQRvKepACxWluV651w==
ARC-Message-Signature: i=1; a=rsa-sha256; d=mit.edu; s=arc; t=1651904701;
c=relaxed/relaxed; bh=EFg/lI3Wrx2kl9gyg84wYyn5xPa13UtQY9YLkwg5Zzw=;
h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
b=KWewMMrV+Wcqw/RL7zdpYEYV2Sxgq7DBJsP5a0gtKts6B4JQ+SbnqqVs7Ep8u2tUHjBvImYxKfufYk7l5Xe+6ZVw+W58sq+pmBjthpkrjBDcgjrOzwKMBX3sZsygizgehEPvAy/BnTpClA8q7dQcN86CUoZmPiz86B/5Z4XuVFA5cYgY+QuXeLywfNB0eEQE6CRuR+NUDlBRIUqyEanpTYPp3L/SxlzCXlFERU+hALu4VkVHNnQcB2yDKiaoLYd2Wjotakm5Txc92ISXiSCopiZlU2Oka0Rcuo9bk0h7PuvQYgUta8ILExXm9xMh/LGA6uI9l/8CwJjXxElSBPh1Cw==
ARC-Authentication-Results: i=1; mit.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing;
t=1651904701; bh=EFg/lI3Wrx2kl9gyg84wYyn5xPa13UtQY9YLkwg5Zzw=;
h=Date:Subject:To:Cc:References:From:In-Reply-To;
b=Y46gFwRU3NYkj3wIvguFCe5OR3RjTZbrCyJ/FhhHW6KKS58hrXtPXMDIF+2AWcN9M
EIVmzqvt1c+PvNHWbfQbrl1JVZ4b9jf9B/mE5CW+SDBNXvw3207fmeaGHv9+a2Uvt6
OakbN5+NaIZJWsSfbpL3lN45HgMLE10fARf2Nu7MLDJGW2yK1ilfGXfhiOUYbvxuAG
SFFRSe0HvgiijiCw7MXPfuB8tXPXZTpBtWP93foeyZi0Tj+woS2/wYlG/hQSKA9iAZ
va0qfwFf0Ty6/e3oQBUU6MLrFxoqI4Ke/oDygeXyMgrRBw4af9HiFOQTffT2G403+z
8878PlUub9nMg==
Content-Language: en-US
In-Reply-To: <2957453.irdbgypaU6@teo-dator-newarch>
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e5b544b7-f3d5-4f84-c7a1-08da2ff251b5
X-MS-TrafficTypeDiagnostic: PH0PR01MB6650:EE_
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam-PRVS: <PH0PR01MB6650B2C791897824D5C47579BCC49@PH0PR01MB6650.prod.exchangelabs.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: CmEjfOJfATAada2pzZKSJzeEmC0ml7tCoTeuNUD/zb4xHoCg5pPA930wxnyYL/KJfZTp/jQmWgCFTO2OJO9IvDC6RrYhe6H3IK7/Adb/Upej+Hfb+TRm6QSgTPVHt7boL/Pw+vykmst0BIpBsFunQ9X+YhwSnI+26RQzU1WlMcZ6DoL4ML5PZObQ+eXTJI8DmQNViUIvBbJ7TI9o22lfjIC9KAwrlHnLCruEdqvoKWNDsPFoApywoDfQzIxqV9ldyfE4mhWM4Nyy9hHOySXpZ2O9vHWdapbJ1bJI2i71Hw+w2uoOW5HbBZ5l0NrcdOk5qcHdQB4EnTfG/XHkfHHRYCcquJMPmz0RIUwnynFG/qZubguELh6nAi6qFwaUAelrd++G84rhHiEYB2XyZNCUQp2F9E4Te6lEgA31wVK3clMCMgpbdNr5wSAgwP8N/iEZqGdq48XqUnkIVLW37p/C/XkA+ShUwg0BAc9ZeGAOCJrv6h1FA2b/xNaECertNNbE3oG+yUrSeXRGCeu9ZspzuMP2EE2R8531/dA/hozHTBoo7RwWih3l6tf10S8E1EjfeaWWbrZ3Ao9qtz9cKr/X6zJo1rYfg9qdzhW13EfT0sCLQqXy+ZHF4d3MijkYNsA3jDqusw0j76+tQC7n+mCvhmG8EL5aGOIInlsVaFNs0jIEEWeLnHuIId5Gi/pFNtaW8YN7Iq4+juvhFgMxV1+60w==
X-Forefront-Antispam-Report: CIP:18.9.28.11; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:CAL; SFV:NSPM; H:outgoing.mit.edu; PTR:outgoing-auth-1.mit.edu; CAT:NONE;
SFS:(13230001)(4636009)(31686004)(36756003)(6706004)(786003)(316002)(508600001)(83380400001)(5660300002)(4326008)(68406010)(6862004)(70586007)(2906002)(4744005)(8676002)(86362001)(53546011)(2616005)(956004)(336012)(66574015)(426003)(26005)(7696005)(31696002)(75432002)(356005)(43740500002);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 May 2022 06:25:02.1743 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e5b544b7-f3d5-4f84-c7a1-08da2ff251b5
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT063.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR01MB6650
X-OriginatorOrg: mit.edu
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <e9dbf862-9235-d0ec-0c9e-eedc9ab80a81@mit.edu>
X-Mailman-Original-References: <CAD-Ua_ifa=vo4PEzy3kx-5FB3J+hhN_2BTuS7O=E+hfudRbV4Q@mail.gmail.com>
<733bbe58-7c13-8abc-f0e6-3cbe979540ed@mit.edu>
<2957453.irdbgypaU6@teo-dator-newarch>
View all headers
Many apologies; this got filed into my spam folder and I only just found it.

On 4/11/22 11:09, Teo Klestrup Röijezon wrote:
profile_init_vtable() (or building it with profile_add_relation()) would be
ideal, yes.
[...]
However, the kadm5_init_*() family of functions (via init_any()) calls
kadm5_get_config_params(), which in turn always loads its own profile by calling
krb5_aprof_init() with a hard-coded choice of either DEFAULT_PROFILE_PATH or
DEFAULT_KDC_PROFILE. This _is_ possible to override with environment
variables, but that's a pretty big ask when linking to the library in-process.

I think this is a bug; the init functions and kadm5_get_config_params()
should use the profile object from the context argument.  I have a
candidate patch that passes tests.

Unfortunately I don't think there's a viable workaround beyond the
options you have already considered.


1
rocksolid light 0.7.2
clearneti2ptor