X-CACHECONF in cache type 0504

Frank Cusack frank+krb at linetwo.net
Mon Nov 22 23:19:05 EST 2010

On 11/19/10 12:52 AM -0500 Greg Hudson wrote:
> On Thu, 2010-11-18 at 22:18 -0500, Weijun Wang wrote:
>> Java 1.6 currently just reads all entries as normal credential cache. It
>> fails on the new type of entry when trying to interpret the last 2
>> fields as ticket and second ticket. For the new entry, the field used to
>> be the ticket is a 3-bytes sequence which is not a DER encoding at
>> all.
> I see.  In hindsight, we perhaps should have made the config entries
> preserve the Ticket ASN.1 structure of the ticket field.  But that ship
> has sailed.

Well why couldn't you just update the code that writes the entries?  Of
course you'd have to read either format but you could remove the "bad"
encoding reader after a year.

More information about the krbdev mailing list