On Thu, Sep 17, 2009 at 8:34 PM, Ezra Peisach <[email protected]> wrote: > ---------- Forwarded message ---------- > From: Ezra Peisach <[email protected]> > To: [email protected] > Date: Thu, 17 Sep 2009 20:34:13 -0400 > Subject: Re: Zero-length entry in a keytab: why?! > Howdy, > > a) You describe a variable bytesRemain - neither MIT nor Heimdal use such a > variable - so this might be your code.
Yes, these variables are in my code. Thought I'd mentioned that. Sorry if I wasn't clear. :-( > > b) You mention a vendor app writing such a keytab with holes - care to > mention who? I suspect they might have extended their definition of a keytab > in a non-standard way... You can ask the vendor... Centrify. > d) Heimdal has another extension -after the version number, if there are 4 > bytes - a flag for the entry can be stored.... Not sure off hand what for... Yeah, I think this describes what I'm seeing -- even if not specific to Heimdal. http://www.gnu.org/software/shishi/manual/html_node/The-Keytab-Binary-File-Format.html http://www.h5l.org/manual/heimdal-1-2-branch/krb5/page_fileformats.html > > e) You mention that klist and ktutil can read the keytab - which vendor > program are you using? I suspect not MIT. If I'm seeing things correctly, Centrify ships with its own version of the MIT binaries (klist, kinit, etc). But your assertion made me think about Heimdal a lot. I am going to read their keytab code and see if I can understand where things might be amiss here. Certainly there are many, many cases in my existing keytab where there are *NO* extra bytes after the keyblock, and even when i look at the bytes after the keyblock I can't figure how these would represent a vno for that matter. Also, looking further at the keytab in a binary editor I see a ton of @^...@^@^...@^@^...@^@^...@^@^...@^@^...@^@^...@^@^...@^@^ffffff at the end of the file -- without any other keytab entries following that data. This just doesn't seem like the case in any other keytabs I've looked at. -- K ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
