Zero-length entry in a keytab: why?!
Ezra Peisach
epeisach at MIT.EDU
Thu Sep 17 20:34:13 EDT 2009
Howdy,
a) You describe a variable bytesRemain - neither MIT nor Heimdal use
such a variable - so this might be your code.
b) You mention a vendor app writing such a keytab with holes - care to
mention who? I suspect they might have extended their definition of a
keytab in a non-standard way... You can ask the vendor...
c) If the size field is 0, I can envision that this means the rest of
the structure is empty. I agree with Greg in a preliminary reading of
the MIT code that a size of zero is treated as an end of keytab. A quick
reading of Heimdal's code looks like it would ignore the size field
being zero and try to continue parsing the keytab until EOF. Shishi does
not handle negative sizes....
d) Heimdal has another extension -after the version number, if there are
4 bytes - a flag for the entry can be stored.... Not sure off hand what
for...
e) You mention that klist and ktutil can read the keytab - which vendor
program are you using? I suspect not MIT.
So - I suspect that this might be caused by some vendor's interpretation
of a keytab...
More information about the Kerberos
mailing list