[23818] in Kerberos
Re: Porting k5start to Heimdal
daemon@ATHENA.MIT.EDU (Chaskiel M Grundman)
Thu May 5 12:52:58 2005
Date: Thu, 5 May 2005 12:52:12 -0400 (EDT)
From: Chaskiel M Grundman <cg2v@andrew.cmu.edu>
To: kerberos@mit.edu
In-Reply-To: <87psw6zfwc.fsf@windlord.stanford.edu>
Message-ID: <Pine.LNX.4.61-042.0505051218380.8447@sphinx.andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Errors-To: kerberos-bounces@mit.edu
On Wed, 4 May 2005, Russ Allbery wrote:
> Chaskiel M Grundman <cg2v@andrew.cmu.edu> writes:
>
>> It doesn't seem to be inheriting any appdefaults or libdefaults (It
>> acquires 10 hour, non-forwardable, non-addressless tickets, despite my
>> configuration settings), but I know how to fix that if I get motivated
>> to do so.
>
> How? I was assuming that the Kerberos libraries would take care of that
> for me, but apparently not. (Do they even on MIT, or does one always have
> to do that manually?)
Under heimdal, the mechanism is:
void
krb5_get_init_creds_opt_set_default_flags
(
krb5_context /*context*/,
const char */*appname*/,
krb5_const_realm /*realm*/,
krb5_get_init_creds_opt */*opt*/);
It will acquire defaults from the appname's section of [appdefaults], the
realm's section in [realms] (I think), and the [libdefaults] section, in
that order. The several-year-old mit sources I have laying around do not
have this function. Instead, krb5_get_init_creds calls krb5_libdefault_*
to get the values of the forwardable, proxiable, renew_lifetime, and
noaddresses libdefaults (but not ticket_lifetime???) if they are not set
in the krb5_get_init_creds_opt structure.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos