>>>>> "mikef" == Mike Friedman <[EMAIL PROTECTED]> writes:
mikef> But some of the information I want seems to be encoded within mikef> more generic fields. In particular, I'm looking for the Last mikef> Password Change and Last Modified information. I'm afraid you're correct here; the last modification information is encoded in the tl_data, which is a generic extension field, and is dumped as a hex-string. mikef> But (for reasons not worth going into here) I'm planning to mikef> write a script that will go through the entire db dump file, mikef> looking for particular values in the two fields mentioned mikef> above, among others. I don't want to issue a kadmin command mikef> for each of the 200K principals in our database. That's understandable, and it's in fact a problem that could be solved in multiple ways. I plan on starting discussion on krbdev on these topics (dump file format and the rather limited capabilities of the kadmin client) at some point, when other things have settled down somewhat. mikef> I think if I spent enough time at it, I could figure all this mikef> out from the dump.c code. But I'm hoping somone has layed out mikef> the dump file already and can save me some time. The code you probably care about is not entirely in dump.c; that code only handles dumping the generic tl_data as hex-strings. The function krb5_dbe_update_mod_princ_data(), which is in lib/kdb/kdb_xdr.c, contains the actual code to encode the tl_data for the modification information. ---Tom
