[16465] in Kerberos_V5_Development
X-CACHECONF in cache type 0504
daemon@ATHENA.MIT.EDU (Tim Alsop)
Thu Nov 18 11:47:37 2010
From: Tim Alsop <Tim@cybersafe.com>
To: "krbdev@MIT.EDU" <krbdev@mit.edu>
Date: Thu, 18 Nov 2010 13:57:33 +0000
Message-ID: <C90AE14D.2764A%Tim.Alsop@CyberSafe.com>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
HI,
We found that in MIT 1.8, when using cache type 0504, there is extra information in the cache entries, related to FAST. This is described at http://krbdev.mit.edu/rt/Ticket/Display.html?id=6206&user=guest&pass=guest
Earlier versions of MIT code, and non MIT code which use and recognise cache type 0504 will not recognise this extra data, and this can cause problems.
Surely the extra info in the cache, would have been better done by creating a new cache type, e.g. 0505 ?
Why was 0504 cache type format changed, thus breaking interoperability with other code which uses same cache type ?
An example of the interop issue is described http://hbaseblog.com/2010/07/21/up-and-running-with-secure-hadoop/ related to Java Kerberos. Basically if MIT code is used to create the cache, the Java 1.6 code cannot recognise the TGT unless the cache entries are renewed to remove the extra information added by MIT. This is hardly ideal, but a good example of the issue I am asking about.
Thanks,
Tim
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
