Keytab entries in keytab
Durbin_Ron@emc.com
Durbin_Ron at emc.com
Sat Nov 27 17:21:20 EST 2004
Sam,
The latest Heimdal code stores the kvno in the current place as a byte and
as a 4 byte value at the end
of each entry. Is there any chance that this approach will be adopted by
MIT.
Also with the advent of automatic password updates on CIFS the KVNO is
rolled over after 4
years. On some systems this is not an issue. However, on HA(High
Availability) systems 4 years of uptime
is just getting warmed up. Also since these keys are stored in files on
machines that now stay installed
for many years this is now an issue.
Ron
-----Original Message-----
From: Sam Hartman [mailto:hartmans at mit.edu]
Sent: Friday, November 26, 2004 1:41 PM
To: Durbin_Ron at emc.com
Cc: krbdev at mit.edu
Subject: Re: Keytab entries in keytab
>>>>> "Durbin" == Durbin Ron <Durbin_Ron at emc.com> writes:
Durbin> I notice that the key version number in the keytab is
Durbin> stored as a single byte value. However the in memory and
Durbin> network size is 4 bytes.
Note that the code is somewhat clever in how it deals with the kvno
stored in the keytab in recent releases. The code understands roughly
that the kvno in the file is the full kvno mod 256 and will try and
match accordingly.
Durbin> Is there any future direction is the MIT project that
Durbin> would correct this so the keytab file would store 4 byte
It will require a change to the keytab and thus coordination with
Heimdal. We realize it needs doing but it is not a very high
priority.
More information about the krbdev
mailing list