[39221] in Kerberos
Re: Is there a way to steer kinit to a specific kdc?
daemon@ATHENA.MIT.EDU (Carson Gaspar)
Wed Apr 5 12:38:44 2023
Message-ID: <bb731e57-97e2-3a77-1363-c5b47d29a9c4@taltos.org>
Date: Wed, 5 Apr 2023 09:33:17 -0700
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Language: en-US
From: Carson Gaspar <carson@taltos.org>
In-Reply-To: <2fc07758-f37a-d419-7c6a-7e303acc01b5@mit.edu>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu
On 4/5/2023 9:11 AM, Greg Hudson wrote:
> On 4/5/23 00:52, Dan Mahoney (Gushi) wrote:
>> Can neither mit kinit nor the heimdal one supplied with BSD systems
>> by default, not just be forced to a single KDC?
>
> It can't, and the library APIs don't really enable it.
If krb5_init_context_profile() actually did what it said, rather than
creating a new profile based on the embedded profile path, it would be
easy (profile_init_path(), change the KDC settings in the profile, pass
it to krb5_init_context_profile()). As is you have to manipulate
internal-only krb5 context struct data to override anything.
There was a thread a while ago discussing fixing this API mistake - did
it ever go anywhere?
--
Carson
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos