Updating ccache config data to be more Java friendly

Weijun Wang weijun.wang at oracle.com
Tue Nov 23 06:56:20 EST 2010

OpenJDK is updated to deal with the new ccache format: we simply ignore 
any entry whose ticket or second_ticket field is not empty and not 
parseable as a DER encoded ticket.


I've filed a backport request for it to JDK 6, hope the fix can be 
included in the next update release.

Thanks all

On 11/23/2010 07:47 PM, Sam Hartman wrote:
>>>>>> "Frank" == Frank Cusack<frank+krb at linetwo.net>  writes:
>      Frank>  On 11/19/10 12:52 AM -0500 Greg Hudson wrote:
>      >>  On Thu, 2010-11-18 at 22:18 -0500, Weijun Wang wrote:
>>> Java 1.6 currently just reads all entries as normal credential
>      >>  cache. It
>      >>>  fails on the new type of entry when trying to interpret the last
>      >>>  2 fields as ticket and second ticket. For the new entry, the
>      >>>  field used to be the ticket is a 3-bytes sequence which is not a
>      >>>  DER encoding at all.
>      >>
>      >>  I see.  In hindsight, we perhaps should have made the config
>      >>  entries preserve the Ticket ASN.1 structure of the ticket field.
>      >>  But that ship has sailed.
>      Frank>  Well why couldn't you just update the code that writes the
>      Frank>  entries?  Of course you'd have to read either format but you
>      Frank>  could remove the "bad" encoding reader after a year.
> If we can get Heimdal to go along with this change I'd support making
> it.  I do not have cycles to implement.
> --Sam
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev

More information about the krbdev mailing list