Ticket History #194: a stash file is not a keytab

# Mon Aug 19 14:15:41 2002 The RT System itself - Default: Import/ changed from (no value) to (no value)

Download (untitled) / with headers
text/plain 1.5KiB

From eichin@MIT.EDU Thu Nov 14 21:57:02 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id VAA13085 for <bugs@RT-11.MIT.EDU>; Thu, 14 Nov 1996 21:57:02 -0500
Received: from DCL.MIT.EDU by MIT.EDU with SMTP
id AA23508; Thu, 14 Nov 96 21:57:00 EST
Received: by dcl.MIT.EDU (5.x/4.7) id AA14451; Thu, 14 Nov 1996 21:56:58 -0500
Message-Id: <9611150256.AA14451@dcl.MIT.EDU>
Date: Thu, 14 Nov 1996 21:56:58 -0500
From: eichin@MIT.EDU
Reply-To: eichin@MIT.EDU
To: krb5-bugs@MIT.EDU
Cc: eichin@MIT.EDU
Subject: a stash file is not a keytab
X-Send-Pr-Version: 3.99

Show quoted text

>Number: 194
>Category: krb5-kdc
>Synopsis: a stash file is not a keytab
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 14 21:58:01 EST 1996
>Last-Modified:
>Originator: Mark W. Eichin
>Organization:

cygnus

Show quoted text

>Release: 1.0
>Environment:

System: SunOS dcl 5.4 Generic_101945-37 sun4m sparc

Show quoted text

>Description:

A stash file is not a keytab. It probably should be; the keytab code is
maintained, and machine-independent, and using the keytab code for the stash
file would mean probably eliminating a lot of spurious code to select
the master key name etc.

Show quoted text

>How-To-Repeat:

attempt to move a keytab from a master kdc to a slave. if they architectures
are different byte orders, you will lose.

Show quoted text

>Fix:

Show quoted text

>Audit-Trail:
>Unformatted:

# Mon Aug 19 14:15:41 2002 The RT System itself - Tags enhancement added

# Mon Aug 19 14:15:41 2002 The RT System itself - Component krb5-kdc added

# Fri Jan 09 16:55:54 2004 hartmans (Sam Hartman) - Subject changed from 'a stash file is not a keytab ' to 'preauth'

# Tue Dec 18 14:35:57 2007 hartmans (Sam Hartman) - Status changed from 'new' to 'open'

# Tue Dec 18 14:35:57 2007 hartmans (Sam Hartman) - Correspondence added

Subject:

a stash file is not a keytab

Download (untitled) / with headers
text/plain 379B

[RT_System - Mon Aug 19 14:15:41 2002]:

Show quoted text

>
> A stash file is not a keytab. It probably should be; the keytab code
> is
> maintained, and machine-independent, and using the keytab code for the
> stash
> file would mean probably eliminating a lot of spurious code to select
> the master key name etc.

As an FYI, it looks like we may be assigning resources to this finally.

# Tue Jul 01 14:53:37 2008 lxs (Alexandra Ellwood) - Given to wfiveash (Will Fiveash)

# Tue Jul 01 14:55:46 2008 lxs (Alexandra Ellwood) - Comments added

Subject:

a stash file is not a keytab

Download (untitled) / with headers
text/plain 172B

Assigning bug to Will Fiveash because he's working on the project to
make the stashfile a keytab. Will, if you already have a bug open just
merge this bug with that one.

# Tue Jul 01 16:02:45 2008 wfiveash (Will Fiveash) - Correspondence added

Date:	Tue, 1 Jul 2008 14:55:10 -0500
From:	Will Fiveash <William.Fiveash@sun.com>
To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #194] a stash file is not a keytab
RT-Send-Cc:

Download (untitled) / with headers
text/plain 546B

On Tue, Jul 01, 2008 at 02:55:48PM -0400, Alexandra Ellwood via RT wrote:

Show quoted text

> Assigning bug to Will Fiveash because he's working on the project to
> make the stashfile a keytab. Will, if you already have a bug open just
> merge this bug with that one.

The masterkey keytab stash project is not dealing with keytab byte order
issues. Ken convinced me that 194 is a separate bug but if you feel
otherwise given the above, then I will merge this with my ticket.

--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/

# Tue Jul 01 16:31:32 2008 tlyu (Taylor Yu) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #194] a stash file is not a keytab
From:	Tom Yu <tlyu@MIT.EDU>
Date:	Tue, 01 Jul 2008 16:31:22 -0400
RT-Send-Cc:

Download (untitled) / with headers
text/plain 420B

"william.fiveash@sun.com via RT" <rt-comment@krbdev.mit.edu> writes:

Show quoted text

> The masterkey keytab stash project is not dealing with keytab byte order
> issues. Ken convinced me that 194 is a separate bug but if you feel
> otherwise given the above, then I will merge this with my ticket.

I think we can treat ticket #5662 as the stash file byte order
independence issue. As far as I know, keytabs are a single byte
order.

# Tue Jul 01 17:00:35 2008 wfiveash (Will Fiveash) - Correspondence added

Date:	Tue, 1 Jul 2008 15:52:56 -0500
From:	Will Fiveash <William.Fiveash@sun.com>
To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #194] a stash file is not a keytab
RT-Send-Cc:

Download (untitled) / with headers
text/plain 796B

On Tue, Jul 01, 2008 at 04:31:33PM -0400, Tom Yu via RT wrote:

Show quoted text

> "william.fiveash@sun.com via RT" <rt-comment@krbdev.mit.edu> writes:
>

> > The masterkey keytab stash project is not dealing with keytab byte order
> > issues. Ken convinced me that 194 is a separate bug but if you feel
> > otherwise given the above, then I will merge this with my ticket.

>
> I think we can treat ticket #5662 as the stash file byte order
> independence issue. As far as I know, keytabs are a single byte
> order.

Someone should reassign 194 to someone other than myself then. BTW, as
far as I can tell I can login to the RT system as guest only. I don't
have a problem with that but I am not able to change ticket state.

--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/

# Tue Jul 01 18:19:31 2008 lxs (Alexandra Ellwood) - Correspondence added

Subject:

a stash file is not a keytab

Download (untitled) / with headers
text/plain 526B

[tlyu - Tue Jul 1 16:31:32 2008]:

Show quoted text

>
> I think we can treat ticket #5662 as the stash file byte order
> independence issue. As far as I know, keytabs are a single byte
> order.

Keytabs aren't byte order independent? So if a sysadmin creates a keytab for me on a machine
with a different endianness from mine do I have to do something to it for it to work?

Also this bug seems to be specifically about wanting a stash file to be a keytab. Machine
independence is listed as just one of the side benefits of doing this.

# Tue Jul 01 19:11:24 2008 raeburn (Ken Raeburn) - Comments added

From:	Ken Raeburn <raeburn@MIT.EDU>
To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #194] a stash file is not a keytab
Date:	Tue, 1 Jul 2008 19:11:14 -0400
RT-Send-Cc:

Download (untitled) / with headers
text/plain 588B

On Jul 1, 2008, at 18:19, Alexandra Ellwood via RT wrote:

Show quoted text

> Keytabs aren't byte order independent? So if a sysadmin creates a
> keytab for me on a machine
> with a different endianness from mine do I have to do something to
> it for it to work?

There have been a couple versions of the keytab file format; v1 was in
native order, but v2 writes big-endian values. (Mostly 16-bit values,
though, I think, even for fields that are supposed to support 32-bit
values -- and only 8 bits for the key version number, which will
likely become a serious problem at some point.)

Ken

# Tue Jul 01 19:17:43 2008 tlyu (Taylor Yu) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #194] a stash file is not a keytab
From:	Tom Yu <tlyu@MIT.EDU>
Date:	Tue, 01 Jul 2008 19:17:33 -0400
RT-Send-Cc:

Download (untitled) / with headers
text/plain 749B

"Alexandra Ellwood via RT" <rt-comment@krbdev.mit.edu> writes:

Show quoted text

> [tlyu - Tue Jul 1 16:31:32 2008]:
>

>>
>> I think we can treat ticket #5662 as the stash file byte order
>> independence issue. As far as I know, keytabs are a single byte
>> order.

>
> Keytabs aren't byte order independent? So if a sysadmin creates a
> keytab for me on a machine with a different endianness from mine do
> I have to do something to it for it to work?

I meant that as far as I know, keytabs are a single
(platform-independent) byte order, and a brief scan of the source code
agrees.

Show quoted text

> Also this bug seems to be specifically about wanting a stash file to
> be a keytab. Machine independence is listed as just one of the side
> benefits of doing this.

Agreed.

# Thu Aug 07 16:03:30 2008 wfiveash (Will Fiveash) - Status changed from 'open' to 'review'

# Thu Aug 07 16:03:31 2008 wfiveash (Will Fiveash) - Comments added

Subject:

a stash file is not a keytab

Download (untitled) / with headers
text/plain 334B

Ken,
I committed a test to verify that the new mkey stash code is backwards
compat with old format stash files. See the latest changeset on the
mkey_keytab branch. Let me know if that looks good, I'm assuming that
branch can be merged in after that.

--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/

# Mon Aug 11 17:32:20 2008 raeburn (Ken Raeburn) - Comments added

Subject:

a stash file is not a keytab

Download (untitled) / with headers
text/plain 54B

Looks good, please go ahead and merge it to the trunk.

# Thu Aug 14 20:38:50 2008 wfiveash (Will Fiveash) - Correspondence added

From:	william.fiveash@sun.com
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 1.1KiB

a stash file is not a keytab

Note, this is the commit for the associated Krb Consortium project:
Projects/Masterkey Keytab Stash

Commit By: wfiveash

Revision: 20661
Changed Files:
U trunk/src/configure.in
U trunk/src/include/k5-int.h
U trunk/src/include/kdb.h
U trunk/src/kadmin/dbutil/dump.c
U trunk/src/kadmin/dbutil/kdb5_create.c
U trunk/src/kadmin/dbutil/kdb5_stash.c
U trunk/src/kadmin/dbutil/kdb5_util.M
U trunk/src/kadmin/dbutil/kdb5_util.c
U trunk/src/kdc/main.c
U trunk/src/lib/kadm5/admin.h
U trunk/src/lib/kadm5/alt_prof.c
U trunk/src/lib/kadm5/srv/server_kdb.c
U trunk/src/lib/kadm5/unit-test/api.2/init-v2.exp
U trunk/src/lib/kdb/kdb5.c
U trunk/src/lib/kdb/kdb5.h
U trunk/src/lib/kdb/kdb_default.c
U trunk/src/lib/krb5/keytab/kt_file.c
U trunk/src/lib/krb5/keytab/kt_memory.c
U trunk/src/lib/krb5/keytab/kt_srvtab.c
U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
U trunk/src/tests/Makefile.in
U trunk/src/tests/create/kdb5_mkdums.c
A trunk/src/tests/mkeystash_compat/
U trunk/src/tests/verify/kdb5_verify.c

# Fri Aug 15 18:30:36 2008 raeburn (Ken Raeburn) - Subject changed from 'a stash file is not a keytab ' to 'a stash file is not a keytab'

# Fri Aug 15 18:30:36 2008 raeburn (Ken Raeburn) - Status changed from 'review' to 'resolved'

# Fri Jan 30 23:08:17 2009 tlyu (Taylor Yu) - Version_Fixed 1.7 added