Hi Enrique,

Enrique Rodriguez wrote:
> On 10/24/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:
>> Hi,
>> while looking into the kerberos code, I found a KeyTab class, which is
>> used to read a KeyTab file. I have some questions related to this
>> class:
>
> Module 'kerberos-shared' in the trunk has a keytab package. That
> package has as its entry point the Keytab class. It sounds a bit like
> you are talking about something older, IIRC, possibly in another
> module. If you find keytab code, apart from the keytab package in
> 'kerberos-shared', you can delete it.

Ok, found it... I was looking into the apacheds-password-client project,
and didn't find the Keytab tests. Thanks for pointing them out to me.

>> - do we use this class - or intend to use it - in the kerberos server?
>
> I don't believe the server currently uses this class. I originally
> intended this component to be used in conjunction with the LDAP
> protocol to import/export Kerberos keys to/from a keytab file.
> However, a "version 2" update to the Change Password protocol is
> working its way through the IETF and I believe this will be the better
> solution. I wouldn't delete it since it is useful for interop.

Ok, np. I will keep this KeyTab class, I was just wondering what it
would be good at. After some googling, I see it's good to have it.

>> - The EncryptionKey class contains a kvno which is not present in the
>> ASN.1 definition of this structure: do we need this field?
>
> kvno needs to be somewhere. We may not be strict about the kvno in
> use and IMO most implementations aren't strict but they do check the
> kvno to give the user the hint that they may not be using the correct
> kvno w.r.t. the error returned to the user. I would review in light
> of your refactoring to a strict interpretation of the ASN.1

Let me think more about this question and your answer. I must further my
understanding about the use of this kvno member.
Thanks for the answers!
E.