krb5_db_entry: e_length & e_data

Sam Hartman hartmans at MIT.EDU
Wed Feb 11 11:33:44 EST 2004

>>>>> "Darren" == Darren Reed (OSE) <darrenr at> writes:

    Darren> In the kdb5_db_entry structure, there appears to be
    Darren> provision for storing "extra data" of an arbitrary size
    Darren> with each principal.

    Darren> Doing a quick search of krb5 source (1.2.2 was handy), the
    Darren> only use these fields seem to be used is either dumping
    Darren> out the principal in total and in marshalling (XDR) for
    Darren> the Kerberos RPC calls.

    Darren> Should it be assumed that it is therefore safe for
    Darren> "private" use of these fields and that just modifying
    Darren> e_data/e_length on your favourite krb5_db_entry is the way
    Darren> to go ?

No.  In general assume that non-tagged extension fields are reserved
by the vendor and that tagged extension fields like tl_data may be
used in some cases by third parties.

More information about the krbdev mailing list