[16489] in Kerberos_V5_Development
Re: X-CACHECONF in cache type 0504
daemon@ATHENA.MIT.EDU (Tim Alsop)
Fri Nov 19 13:37:12 2010
From: Tim Alsop <Tim@cybersafe.com>
To: Greg Hudson <ghudson@mit.edu>, Tim Alsop <Tim@cybersafe.com>
Date: Fri, 19 Nov 2010 16:27:08 +0000
Message-ID: <C90C5533.27A21%Tim.Alsop@CyberSafe.com>
In-Reply-To: <1290183664.2633.1264.camel@ray>
Content-Language: en-US
MIME-Version: 1.0
Cc: Weijun Wang <weijun.wang@oracle.com>, Sam Hartman <hartmans@mit.edu>,
"krbdev@MIT.EDU" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Ok, so we can use krb5_ccache_conf_data at the start with the X-CACHECONF:
as realm, but the data between these two elements can be anything we want.
e.g. This is valid and acceptable if found in a cache:
krb5_ccache_conf_data/foo/bar/hello/world@X-CACHECONF:
Thanks,
Tim
On 19/11/2010 16:21, "Greg Hudson" <ghudson@mit.edu> wrote:
>On Fri, 2010-11-19 at 11:03 -0500, Tim Alsop wrote:
>> So, is this name/realm specific to configuration data for FAST ? What
>> happens if a vendor wants to store configuration data for some other
>> reason, and not for FAST reasons ? Do they use different name/realm ?
>
>No; in fact, Heimdal already uses it for another purpose (something
>called "FriendlyName"). The service principal format is:
>
>krb5_ccache_conf_data/name/principal@X-CACHECONF:
>
>where "name" is an argument to krb5_cc_get_config() and
>krb5_cc_set_config(). For FAST negotiation, "name" is set to
>fast_avail.
>
>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
