Projects/replay_cache_collision_avoidance and replay cache uses

Jeffrey Hutzelman jhutz at
Tue Jan 13 13:18:42 EST 2009

--On Tuesday, January 13, 2009 11:17:07 AM -0600 Nicolas Williams 
<Nicolas.Williams at> wrote:

> Back to hash agility for a moment.  As discussed, it's really hard to do
> hash agility per-entry, and I won't propose that we do.
> But it'd be nice if there was an rcache header entry naming the hash
> function to use for that rcache.
> New rcache implementations that support the hash named in the rcache
> header entry should use it, otherwise they should act as old rcache
> implementations.
> Finally, allow for the hash function for new rcaches to be specified in
> krb5.conf.
> This gets us hash agility at little cost.  And not all of it need be
> implemented now -- it suffices to have the header entry, with the rest
> to be added later.
> But NOT having such a header entry (naming a hash funciton, or rcache
> version, or something) WILL complicate hash agility later.

Is there currently any kind of header?  I guess I sort of assumed there was 
an extensible header there.

More information about the krbdev mailing list