X-CACHECONF in cache type 0504

Tim Alsop Tim at cybersafe.com
Thu Nov 18 08:57:33 EST 2010


We found that in MIT 1.8, when using cache type 0504, there is extra information in the cache entries, related to FAST. This is described at http://krbdev.mit.edu/rt/Ticket/Display.html?id=6206&user=guest&pass=guest

Earlier versions of MIT code, and non MIT code which use and recognise cache type 0504 will not recognise this extra data, and this can cause problems.

Surely the extra info in the cache, would have been better done by creating a new cache type, e.g. 0505  ?
Why was 0504 cache type format changed, thus breaking interoperability with other code which uses same cache type ?

An example of the interop issue is described http://hbaseblog.com/2010/07/21/up-and-running-with-secure-hadoop/ related to Java Kerberos. Basically if MIT code is used to create the cache, the Java 1.6 code cannot recognise the TGT unless the cache entries are renewed to remove the extra information added by MIT. This is hardly ideal, but a good example of the issue I am asking about.


More information about the krbdev mailing list