[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Processing keytab in memory
- To: Love Hörnquist Åstrand <email@example.com>
- Subject: Re: Processing keytab in memory
- From: T C <firstname.lastname@example.org>
- Date: Wed, 30 Nov 2005 14:54:31 -0800
- Cc: Andrew Bartlett <email@example.com>, Heimdal Discussion <firstname.lastname@example.org>
- DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=biaOdcEAIPTwcgn570J+AfCv0VT6mWWL6R/nM/cOOLakV1/eqzJtm3FUTmqIc0+qXYig9ZTkoNKIcJaBM9Z0OZPQnPuzhRVM6gsT7w2TSoxhLoxTnahsAQps5Gd3MxeSk7UgjGjK+4+DPQOkr8+6wtb64Jw4tSO2iYH1t7ewsrc=
- In-Reply-To: <email@example.com>
- References: <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com>
- Sender: firstname.lastname@example.org
This sounds like a good solution to my current problem. Does this
mean I will likely store the whole base64 text in the database?
In any case, this would prevent writing to file in order to build the
key table, and thus it would be a great improvement.
I have also encountered a different but related problem. If I
store the whole keytab in database, since our field size maybe
limited, this means to manually divide the keytab into chunks. I
wonder if there is a way to store key values into separate fields in
database, and later fill back a krb5_keytab_entry, and reconstruct the
keytab? Maybe this functionality already exists? Or maybe
something for the future?
On 11/30/05, Love Hörnquist Åstrand <email@example.com> wrote:
T C and Andrew,
> I chose to write it out to a file before parsing it because that seems to be
> the best option I got. I can't hack it because I need to keep my patches at a
> minimum since our system needs to integrate newer versions easily.
I've been thinking about adding a text version of the keytab format so
keytab can easily be transported between systems. I think I would use the
same format as the file keytab. Basicly it would be a base64 encoded file
with appropriate header, see below. And to this there would be support
function in the kerberos libaries to import the text into a keytab (memory
Would this solve your problems ?
------BEGIN KERBEROS 5 KEYTAB------
Created-by: Love <firstname.lastname@example.org>
------END KERBEROS 5 KEYTAB------