[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Processing keytab in memory
- To: Love Hörnquist Åstrand <lha@kth.se>
- Subject: Re: Processing keytab in memory
- From: T C <tccheung1@gmail.com>
- Date: Wed, 30 Nov 2005 14:54:31 -0800
- Cc: Andrew Bartlett <abartlet@samba.org>, Heimdal Discussion <heimdal-discuss@sics.se>
- DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=biaOdcEAIPTwcgn570J+AfCv0VT6mWWL6R/nM/cOOLakV1/eqzJtm3FUTmqIc0+qXYig9ZTkoNKIcJaBM9Z0OZPQnPuzhRVM6gsT7w2TSoxhLoxTnahsAQps5Gd3MxeSk7UgjGjK+4+DPQOkr8+6wtb64Jw4tSO2iYH1t7ewsrc=
- In-Reply-To: <m2veya9xhk.fsf@dhcp-wavelan-v-224.publik.su.se>
- References: <864305450511081428u2d5d3398i8f790d69bd22760@mail.gmail.com> <1132987078.4305.23.camel@amy.flyaway.abartlet.net> <864305450511272034q7c3fea3dja7db94c1cf65dbe3@mail.gmail.com> <m2veya9xhk.fsf@dhcp-wavelan-v-224.publik.su.se>
- Sender: owner-heimdal-discuss@sics.se
Love,
This sounds like a good solution to my current problem. Does this
mean I will likely store the whole base64 text in the database?
In any case, this would prevent writing to file in order to build the
key table, and thus it would be a great improvement.
I have also encountered a different but related problem. If I
store the whole keytab in database, since our field size maybe
limited, this means to manually divide the keytab into chunks. I
wonder if there is a way to store key values into separate fields in
database, and later fill back a krb5_keytab_entry, and reconstruct the
keytab? Maybe this functionality already exists? Or maybe
something for the future?
Thanks,
Terry
On 11/30/05, Love Hörnquist Åstrand <lha@kth.se> wrote:
T C and Andrew,
> I chose to write it out to a file before parsing it because that seems to be
> the best option I got. I can't hack it because I need to keep my patches at a
> minimum since our system needs to integrate newer versions easily.
I've been thinking about adding a text version of the keytab format so
keytab can easily be transported between systems. I think I would use the
same format as the file keytab. Basicly it would be a base64 encoded file
with appropriate header, see below. And to this there would be support
function in the kerberos libaries to import the text into a keytab (memory
or file).
Would this solve your problems ?
Love
------BEGIN KERBEROS 5 KEYTAB------
Format: 4
Created-by: Love <lha@datan.it.su.se>
ntKSpAmri3nLPi6y8lRfFxs779Bzaoe3/RgEU3ASmTB20UOBJvmo8b42L6+AcAtx
TcnSfCbkRqN+FfjNNlnwUSYAA42lobvYnLh42hFTi/0js2pJ03S3ulXxhTcbDJLK
vOKK67KGlfGI1hct2jltGIbVwc4YH53Y3VBa5LpZT965rg
------END KERBEROS 5 KEYTAB------