Change in K4 ticket cache format

Jeffrey Hutzelman jhutz at
Mon Mar 27 19:09:33 EST 2006

On Monday, March 27, 2006 04:28:31 PM -0500 "Alejandro R. Sedeno" 
<asedeno at> wrote:

> I've finally sat down and tested the patch I mentioned earlier on
> Solaris as both 32 and 64-bit libraries. The results are:
> Using cache created by a normal 32-bit library:
> 32: Reads fine
> 32p: Reads fine
> 64: Bad ticket file format (tf_util) for one service ticket.
>     Mangles tickets if there's more than one. [expected]
> 64p: Reads fine
> Using cache created by a normal 64-bit library:
> 32: Mangles tickets, all expired 1970. [expected]
> 32p: Reads fine
> 64: Reads fine
> 64p: Reads fine
> Using a cache created by patched library (32/64):
> 32: Reads fine, shows extra expired tickets (alignment records)
> 32-: Reads fine.
> 64: Reads fine, shows extra expired tickets (alignment records)
> 64p: Reads fine.

Excellent.  This is on a big-endian system, right?

> Using a pached library ticket file, you can add tickets using either an
> unpatched 32-bit or 64-bit library, but that will cause troubles for the
> other unpatched version. This isn't really any worse than what happens
> now. In either case, the patched library will read properly.

My answer to that problem was to provide a 'kfixtickets' program which just 
reads in all the credentials in the ticket file and then writes them back 
out again, optionally to a different file.  When linked against a patched 
library, this allows users to manually fix up ticket files containing 
tickets written by an unpatched library.  Take a look at


(we build that against KTH krb4, but it's not like the API's differ)

-- Jeff

More information about the krbdev mailing list