I’m working on a C program that uses MIT Kerberos for user authentication. The krb5_get_init_creds_password() function works fine for authenticating users like [email protected], but I have to set up the KDC server in the krb5.conf file like this:
[realms]
EXAMPLE.COM = {
kdc = example.com
}
I’m wondering if there’s a way to set the KDC server address directly in the C code without using the krb5.conf file or environment variables. Any ideas on how to do this?
I’ve dealt with a similar issue in one of my projects. Instead of relying on krb5.conf, you can use the krb5_context_set_default_realm() function to set the realm, and then krb5_context_set_config_string() to specify the KDC server. Here’s a rough example:
This approach gives you more flexibility and allows you to dynamically set the KDC server address in your code. Just make sure to handle any potential errors and free resources properly. It’s been quite reliable in my experience, though it did take some trial and error to get it working smoothly.
heya spinninggalaxy, u might wanna check out the krb5_get_init_creds_opt_set_server() function. it lets u set the kdc server programmatically. just create a krb5_get_init_creds_opt struct, initialize it, and use that function to specify the server before calling krb5_get_init_creds_password(). hope this helps!
You can use the krb5_set_config_files() function to programmatically set the configuration without relying on krb5.conf. This allows you to specify a custom configuration file or even pass NULL to ignore all config files. Then, use krb5_set_default_realm() to set the realm and krb5_realm_iterator() to add KDC information. This approach gives you full control over the Kerberos configuration in your C code, eliminating the need for external files or environment variables. Just remember to handle error checking and cleanup properly to ensure robustness.