Hey, I'm a coworker of Lars' and working on this project. On Friday, 8 April 2022 06.35.29 CEST Greg Hudson wrote: > krb5_init_context_profile() lets you supply a profile object. If this > is created with profile_init_path(), the application should be able to > strictly control which file is used. > > It is possible to create an in-memory profile with > profile_init_vtable(). Perhaps it would be nicer if one could create an > empty in-memory profile object and populate it with > profile_add_relation(), but that is not currently implemented.
profile_init_vtable() (or building it with profile_add_relation()) would be ideal, yes. Our current prototype uses krb5_init_context_profile() for the sake of simplicity (vtables are annoying to build up and maintain across the Rust-C border, so I didn't want to go there until we could confirm that the rest works). However, the kadm5_init_*() family of functions (via init_any()) calls kadm5_get_config_params(), which in turn always loads its own profile by calling krb5_aprof_init() with a hard-coded choice of either DEFAULT_PROFILE_PATH or DEFAULT_KDC_PROFILE. This _is_ possible to override with environment variables, but that's a pretty big ask when linking to the library in-process. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos