[196] in Zephyr Mailing List
Re: zephyr at MIT using Kerb5
daemon@ATHENA.MIT.EDU (Derek Atkins)
Tue Dec 19 12:12:29 1995
To: Stephen Gildea <gildea@x.org>
Cc: zephyr@MIT.EDU
In-Reply-To: Your message of "Tue, 19 Dec 1995 11:31:32 EST."
<9512191631.AA18197@alex.x.org>
Date: Tue, 19 Dec 1995 12:06:47 EST
From: Derek Atkins <warlord@MIT.EDU>
The problem is not the encoding of the name. Rather, the problem is
the encoding of the ticket and authenticator, which is inherently a
binary object. Moreover, the size of a krb5 ticket/authenticator is
more than three times the size of a krb4 ticket/authenticator. using
the current ZMakeAscii function bloats this so big that it overruns
the size of a packet.
What OV did was change the ZMakeAscii, thereby changing the zephyr
protocol, to get the krb5 authenticator to fit. As I recall, the
change was not big, so hopefully it will make it into zephyr 2.1.
> I'm not sure exactly what the Zephyr encoding constraints are, but let
> me give some perspective from another Kerberos project. The Krb5
> support in the next X Window System release will encode Kerberos
> principals on the wire using the character string generated by
> krb5_unparse_name. This encoding has the advantage that we don't have
> to write new routines to encode and decode the wire protocol.
Umm, ok, how do you encode the kerberos ticket (and authenticator) on
the wire? I believe the X protocol is a binary protocol, right?
Zephyr is not. Zephyr is supposed to be only 7-bit clean, which means
binary data needs to be encoded into 7-bit characters. The problem is
that the original zephyr binary to ascii converter was a 4->11, versus
something like radix64 (3->4) or uuencode (7->8). This bloat is the
reason that krb5 doesn't work directly with zephyr 2.0.2.
-derek
