On Tue, 2 Aug 2016, BASTET Laurent (Administrateur de systèmes et réseaux au sein du groupe Infrastructure et Réseau) - SG/SPSSI/CPII/DOIP/IR/Infrastructure Bordeaux wrote:
> Hello,
>
> Thanks for your reply, I tested on Ubuntu with krb5-kdc v.1.13.2+dfsg-5 and I
> have no more segfault !!!
>
> BUT I have another problem :
> If I put a string using 'setstr laurent otp [{}]' different from empty
> (example 'type':'foo'), it never matches with my kdc.conf configuration which
> contains both DEFAULT and FOO token configurations.
> I obtain in the logs : Invalid argument - Can't decode otp
> config string for principal 'laur...@example.com'
>
> If I put an empty string 'setstr laurent otp [{}]', it works fine with the otp
> DEFAULT section.

JSON uses double quotes, not single quotes. I am not actually sure how to
escape the quotes to get them through the SS parser. Probably the easiest
way to get well-formed JSON as the string attribute is to use the new
functionality in krb5 1.14 that lets you specify a kadmin command to run
after any global options, avoiding the SS parser entirely.

For example, on a test KDC I can run:

[root@casio ~]# /opt/zone/kerberos/sbin/kadmin.local -r ZONE.MIT.EDU setstr kaduk/otp otp '[{"type":"foo"}]'
[root@casio ~]# /opt/zone/kerberos/sbin/kadmin.local -r ZONE.MIT.EDU getstrs kaduk/otp
otp: [{"type":"foo"}]

-Ben
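Added example, not part of the original message and not krb5 project code: a pre-flight check that an otp string attribute value is well-formed JSON before it is handed to kadmin.local as a single command-line argument, as in the reply above. The helper names are hypothetical, and the shape check (an array of objects whose "type" and "username", when present, are strings) is an assumption taken from the krb5 OTP documentation, not the KDC's actual decoder.

```python
import json
import shlex


def check_otp_value(value):
    """Parse an otp attribute value; raise ValueError saying why it is unusable."""
    try:
        parsed = json.loads(value)
    except json.JSONDecodeError as exc:
        # Single-quoted input such as [{'type':'foo'}] fails here.
        raise ValueError(f"not well-formed JSON: {exc.msg} (column {exc.colno})") from None
    if not isinstance(parsed, list):
        raise ValueError("top level must be a JSON array")
    for i, entry in enumerate(parsed):
        if not isinstance(entry, dict):
            raise ValueError(f"element {i} is not a JSON object")
        # Assumption: only these two documented fields are type-checked here.
        for key in ("type", "username"):
            if key in entry and not isinstance(entry[key], str):
                raise ValueError(f"element {i}: {key!r} must be a string")
    return parsed


def setstr_argv(realm, principal, tokens):
    """Build the kadmin.local argument list with the JSON as one argument."""
    # json.dumps always emits double quotes, so the value is valid JSON.
    value = json.dumps(tokens, separators=(",", ":"))
    check_otp_value(value)
    # The command follows the global options (krb5 1.14 and later), so the
    # value never passes through the interactive SS parser.
    return ["kadmin.local", "-r", realm, "setstr", principal, "otp", value]


def as_shell_line(argv):
    """Render the argument list as a safely quoted line for a POSIX shell."""
    return shlex.join(argv)


if __name__ == "__main__":
    # Constructed sample values, reusing the names shown in the message above.
    for candidate in ("[{}]", "[{'type':'foo'}]", '[{"type":"foo"}]'):
        try:
            print(candidate, "->", check_otp_value(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
    print(as_shell_line(setstr_argv("ZONE.MIT.EDU", "kaduk/otp", [{"type": "foo"}])))
```

Passing the list from setstr_argv to subprocess.run without shell=True keeps the JSON out of any shell or SS quoting layer altogether.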