RT/krbdev.mit.edu: Ticket #6206 new API for storing extra per-principal data in ccache

The Basics
Id: 6206
Status: review
Worked: 0 min
Priority: 0/0
Queue: krb5

Keyword Selections
Component: krb5-libs
Version_reported:
Version_Fixed: 1.8
Target_Version:
Tags:

Relationships
Depends on:
Depended on by:
  • 6239: (Nobody) Apple patch: kinit background renewal job [new]
Parents:
  • 6204: (tlyu) meta-ticket for tracking Apple patches [open]
Children:
Refers to:
Referred to by:

 Dates  
Created: Tue Oct 21 11:31:40 2008
Starts: Not set
Started: Mon Nov 23 18:10:39 2009
Last Contact: Wed Dec 2 11:15:49 2009
Due: Not set
Updated: Mon Jan 4 23:38:56 2010 by tlyu
 

People
Owner: tlyu
Requestors: tlyu@mit.edu (Tom Yu)
Cc:
AdminCc:


History
      Tue Oct 21 11:31:40 2008  tlyu - Ticket created    
     
Subject: new API for storing extra per-principal data in ccache

 

     
Patch from Apple that introduces a new API for storing additional data
in the ccache on a per-principal basis.

 
Download LHA-3506795-cc-gset-config.patch 8.3k
      Tue Oct 21 11:31:40 2008  tlyu - Ticket 6206 MemberOf ticket 6204.    
      Tue Oct 21 12:07:21 2008  jaltman - Correspondence added    
     
Over the years there have been many organizations that have stored items
in the credential cache as a service principal with a non-Kerberos
ticket as the data blob. This has been frowned upon and I believe for
good reason.

If we want to make the credential cache an arbitrary storage mechanism
then we should store typed blobs and permit the registration of blob
types.

Examples of items that organizations have wanted to store in the
credential cache server include:

 * X.509 certificates and private keys
 * SSH public and private keys
 * PGP public and private keys
 * configuration data

I think permitting the credential cache to be used in this manner is a
good thing.  I simply believe that doing so by constructing arbitrary
service names is not.

Tools that list / manipulate the content of the credential cache will
not understand the non-Kerberos v5 ticket blobs.

The credential cache already has support for typed objects because it
must distinguish between v4 and v5 objects. I believe opening the
registration process to permit third parties to register new types is a
preferable way to go.


      Mon Nov 23 18:10:39 2009  hartmans - Status changed from new to review    
      Mon Nov 23 18:10:40 2009  hartmans - Correspondence added    
     
From: hartmans@mit.edu
Subject: SVN Commit


Integrate Apple APIs for storing configuration parameters in a ccache.

* krb5_cc_get_config: get a config parameter from a ccache
* krb5_cc_set_config: set a configuration parameter in a ccache
* krb5_is_config_principal: should this principal be skipped during ccache iteration
* klist: skip config principals

http://src.mit.edu/fisheye/changelog/krb5/?cs=23316
Commit By: hartmans
Revision: 23316
Changed Files:
U   users/hartmans/fast-negotiate/src/clients/klist/klist.c
U   users/hartmans/fast-negotiate/src/include/krb5/krb5.hin
U   users/hartmans/fast-negotiate/src/lib/krb5/ccache/ccapi/stdcc.c
U   users/hartmans/fast-negotiate/src/lib/krb5/ccache/ccfns.c
U   users/hartmans/fast-negotiate/src/lib/krb5/libkrb5.exports


      Wed Dec  2 11:15:48 2009  hartmans - Correspondence added    
     
From: hartmans@mit.edu
Subject: SVN Commit


Integrate Apple APIs for storing configuration parameters in a ccache.

* krb5_cc_get_config: get a config parameter from a ccache
* krb5_cc_set_config: set a configuration parameter in a ccache
* krb5_is_config_principal: should this principal be skipped during ccache iteration
* klist: skip config principals

http://src.mit.edu/fisheye/changelog/krb5/?cs=23403
Commit By: hartmans
Revision: 23403
Changed Files:
U   branches/fast-negotiate/src/clients/klist/klist.c
U   branches/fast-negotiate/src/include/krb5/krb5.hin
U   branches/fast-negotiate/src/lib/krb5/ccache/ccapi/stdcc.c
U   branches/fast-negotiate/src/lib/krb5/ccache/ccfns.c
U   branches/fast-negotiate/src/lib/krb5/libkrb5.exports


      Mon Jan  4 23:38:56 2010  tlyu - Version_Fixed 1.8 added