[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: need more explanation on krb4->krb5 conversion



At 8:51 AM +0200 10/1/03, Martin MOKREJ· wrote:
>On Wed, 1 Oct 2003, David Komanek wrote:
>
>>
>>  > > http://www.pdc.kth.se/heimdal/heimdal.html#Kerberos%204%20issues
>>  > > "Fortunately, the KDC has a trump on hand: it can easily tell if a
>>  > > principal exists in the database. The KDC will use
>>  > > krb5_425_conv_principal_ext to convert principals when 
>>handling to version
>>  > > 4 requests."
>>  > >
>>  > > Sorry, what is krb5_425_conv_principal_ext? The document doesn't say one
>>  > > has to create any such!
>>  >
>>  > There is a man page for krb5_425_conv_principal_ext.
>>
>>  Martin, regarding the format of the manpage text and man chapter (3) I
>>  suppose this is a C-language function in some library, which is used
>>  by Heimdal programs. Therefore you shouldn't use it directly except your
>>  own written programs and contributions to Heimdal sourcetree. Various
>>  heimdal binaries can call it as needed.
>
>OK, I got it. So why isn't there krb5_425_conv_principal_ext() ? ;)

I hope I'm guessing the miscommunication here correctly.

The routine does exist.  It's called internally to translate stuff 
between K5 and K4.  The reason to look at the man page for it isn't 
so you can use the function directly.

The reason to look at the man page is because it tells you how the 
conversion is done.  It also tells you some stuff about what you can 
put in /etc/krb5.conf to control how the translation is done.  THAT 
is the reason to look at the page.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu