[16509] in Kerberos_V5_Development
Re: Updating ccache config data to be more Java friendly
daemon@ATHENA.MIT.EDU (Weijun Wang)
Tue Nov 23 14:50:17 2010
Message-ID: <4CEBABE4.6060809@oracle.com>
Date: Tue, 23 Nov 2010 19:56:20 +0800
From: Weijun Wang <weijun.wang@oracle.com>
MIME-Version: 1.0
To: Sam Hartman <hartmans@mit.edu>
In-Reply-To: <tslpqtw8do6.fsf_-_@carter-zimmerman.suchdamage.org>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
OpenJDK is updated to deal with the new ccache format: we simply ignore
any entry whose ticket or second_ticket field is not empty and not
parseable as a DER encoded ticket.
http://hg.openjdk.java.net/jdk7/tl/jdk/rev/c1734c00a8ba
I've filed a backport request for it to JDK 6, hope the fix can be
included in the next update release.
Thanks all
Weijun
On 11/23/2010 07:47 PM, Sam Hartman wrote:
>>>>>> "Frank" == Frank Cusack<frank+krb@linetwo.net> writes:
>
> Frank> On 11/19/10 12:52 AM -0500 Greg Hudson wrote:
> >> On Thu, 2010-11-18 at 22:18 -0500, Weijun Wang wrote:
>>> Java 1.6 currently just reads all entries as normal credential
> >> cache. It
> >>> fails on the new type of entry when trying to interpret the last
> >>> 2 fields as ticket and second ticket. For the new entry, the
> >>> field used to be the ticket is a 3-bytes sequence which is not a
> >>> DER encoding at all.
> >>
> >> I see. In hindsight, we perhaps should have made the config
> >> entries preserve the Ticket ASN.1 structure of the ticket field.
> >> But that ship has sailed.
>
> Frank> Well why couldn't you just update the code that writes the
> Frank> entries? Of course you'd have to read either format but you
> Frank> could remove the "bad" encoding reader after a year.
>
> If we can get Heimdal to go along with this change I'd support making
> it. I do not have cycles to implement.
>
> --Sam
> _______________________________________________
> krbdev mailing list krbdev@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
