Keytab and key version number (kvno)
Markus Moeller
huaraz at btinternet.com
Wed May 26 15:04:13 EDT 2004
I am working with keytabs for HTTP server authentication with Kerberos and
noticed that when writing a keytab the key version number is converted into
krb5_octet (see below code extract) although rfc1510 says it is an unsigned
32 bit integer.
EncryptedData ::= SEQUENCE {
etype [0] Int32 -- EncryptionType --,
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
Will this create problems if the key version number gets bigger than 255 ??
Thank you
Markus
from lib/krb5/keytab/file/ktf_util.c
.
.
.
/* key version number */
vno = (krb5_octet)entry->vno;
if (!xfwrite(&vno, sizeof(vno), 1, KTFILEP(id))) {
goto abend;
}
.
.
.
More information about the Kerberos
mailing list