Change in K4 ticket cache format
Jeffrey Hutzelman
jhutz at cmu.edu
Mon Mar 27 19:09:33 EST 2006
On Monday, March 27, 2006 04:28:31 PM -0500 "Alejandro R. Sedeno"
<asedeno at mit.edu> wrote:
> I've finally sat down and tested the patch I mentioned earlier on
> Solaris as both 32 and 64-bit libraries. The results are:
>
> Using cache created by a normal 32-bit library:
> 32: Reads fine
> 32p: Reads fine
> 64: Bad ticket file format (tf_util) for one service ticket.
> Mangles tickets if there's more than one. [expected]
> 64p: Reads fine
>
> Using cache created by a normal 64-bit library:
> 32: Mangles tickets, all expired 1970. [expected]
> 32p: Reads fine
> 64: Reads fine
> 64p: Reads fine
>
> Using a cache created by patched library (32/64):
> 32: Reads fine, shows extra expired tickets (alignment records)
> 32-: Reads fine.
> 64: Reads fine, shows extra expired tickets (alignment records)
> 64p: Reads fine.
Excellent. This is on a big-endian system, right?
> Using a pached library ticket file, you can add tickets using either an
> unpatched 32-bit or 64-bit library, but that will cause troubles for the
> other unpatched version. This isn't really any worse than what happens
> now. In either case, the patched library will read properly.
My answer to that problem was to provide a 'kfixtickets' program which just
reads in all the credentials in the ticket file and then writes them back
out again, optionally to a different file. When linked against a patched
library, this allows users to manually fix up ticket files containing
tickets written by an unpatched library. Take a look at
/afs/cs.cmu.edu/misc/aaa/src/aaa-head/bin/kfixtickets.c
(we build that against KTH krb4, but it's not like the API's differ)
-- Jeff
More information about the krbdev
mailing list