Updating ccache config data to be more Java friendly
weijun.wang at oracle.com
Tue Nov 23 06:56:20 EST 2010
OpenJDK is updated to deal with the new ccache format: we simply ignore
any entry whose ticket or second_ticket field is not empty and not
parseable as a DER encoded ticket.
I've filed a backport request for it to JDK 6, hope the fix can be
included in the next update release.
On 11/23/2010 07:47 PM, Sam Hartman wrote:
>>>>>> "Frank" == Frank Cusack<frank+krb at linetwo.net> writes:
> Frank> On 11/19/10 12:52 AM -0500 Greg Hudson wrote:
> >> On Thu, 2010-11-18 at 22:18 -0500, Weijun Wang wrote:
>>> Java 1.6 currently just reads all entries as normal credential
> >> cache. It
> >>> fails on the new type of entry when trying to interpret the last
> >>> 2 fields as ticket and second ticket. For the new entry, the
> >>> field used to be the ticket is a 3-bytes sequence which is not a
> >>> DER encoding at all.
> >> I see. In hindsight, we perhaps should have made the config
> >> entries preserve the Ticket ASN.1 structure of the ticket field.
> >> But that ship has sailed.
> Frank> Well why couldn't you just update the code that writes the
> Frank> entries? Of course you'd have to read either format but you
> Frank> could remove the "bad" encoding reader after a year.
> If we can get Heimdal to go along with this change I'd support making
> it. I do not have cycles to implement.
> krbdev mailing list krbdev at mit.edu
More information about the krbdev