[23818] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Porting k5start to Heimdal

daemon@ATHENA.MIT.EDU (Chaskiel M Grundman)
Thu May 5 12:52:58 2005

Date: Thu, 5 May 2005 12:52:12 -0400 (EDT)
From: Chaskiel M Grundman <cg2v@andrew.cmu.edu>
To: kerberos@mit.edu
In-Reply-To: <87psw6zfwc.fsf@windlord.stanford.edu>
Message-ID: <Pine.LNX.4.61-042.0505051218380.8447@sphinx.andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Errors-To: kerberos-bounces@mit.edu

On Wed, 4 May 2005, Russ Allbery wrote:

> Chaskiel M Grundman <cg2v@andrew.cmu.edu> writes:
>
>> It doesn't seem to be inheriting any appdefaults or libdefaults (It
>> acquires 10 hour, non-forwardable, non-addressless tickets, despite my
>> configuration settings), but I know how to fix that if I get motivated
>> to do so.
>
> How?  I was assuming that the Kerberos libraries would take care of that
> for me, but apparently not.  (Do they even on MIT, or does one always have
> to do that manually?)
Under heimdal, the mechanism is:
void
krb5_get_init_creds_opt_set_default_flags 
(
         krb5_context /*context*/,
         const char */*appname*/,
         krb5_const_realm /*realm*/,
         krb5_get_init_creds_opt */*opt*/);

It will acquire defaults from the appname's section of [appdefaults], the 
realm's section in [realms] (I think), and the [libdefaults] section, in 
that order. The several-year-old mit sources I have laying around do not 
have this function. Instead, krb5_get_init_creds calls krb5_libdefault_* 
to get the values of the forwardable, proxiable, renew_lifetime, and 
noaddresses libdefaults (but not ticket_lifetime???) if they are not set 
in the krb5_get_init_creds_opt structure.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post