[PYTHON-CRYPTO] Having trouble reading MIT CredCache programmatically

Mayers, Philip J p.mayers at IC.AC.UK
Wed Nov 28 13:17:00 CET 2001


Ah, OK. I could have misunderstood...

I'm afraid I no longer code in C if I can possibly avoid it. Also, I'm
rather an advocate of certain programming techniques which are an anathema
to the vast majority of C-based Unix projects, so any contributions I could
make are likely to be summarily rejected ("Here is a patch to make all
strings in MIT Kerberos be STL ropes...", and such like :o)

I realise the file format is not meant to be interoperable. The specific
reason I'm doing this is I want to play with PKINIT and would still like to
use all my usual apps with the ticket I get, which means using a different
kinit program to populate my cred cache. There are other reasons (it's
interesting, fun, teaches me a lot, and so on).

I wouldn't worry. It's highly likely that I'll never get to a release, since
I can't seem to figure the des-cbc-crc enctype out...

Regards,
Phil

+------------------------------------------+
| Phil Mayers                              |
| Network & Infrastructure Group           |
| Information & Communication Technologies |
| Imperial College                         |
+------------------------------------------+


-----Original Message-----
From: Booker C. Bense [mailto:bbense at networking.stanford.edu]
Sent: 27 November 2001 21:15
To: 'kerberos at MIT.EDU'
Cc: PYTHON-CRYPTO at NIC.SURFNET.NL
Subject: RE: Having trouble reading MIT CredCache programmatically


On Sat, 24 Nov 2001, Mayers, Philip J wrote:

> As my follow up indicated (which of course you read), I do realise that a
> client doesn't have the service key - I wasn't thinking when I typed the
> mail and it was a stupid question.
>
> I could give many flippant, impolite answers to your first question, but
> instead I'll say: Why not? Are you so sure that the MIT or Heimdal
> implementations are so perfect that there's nothing I can contribute by
> making a third interoperable one? If so, I envy your confidence.
>

- I think what Sam was trying to tell you was that your code won't be
interoperable. The file ccache format that MIT is currently using is
not meant to be a "public" format and can be changed at any time. In
fact it will be changed in the near future. You're supposed to use
the API to access it. I think Sam is well aware of the flaws of
Kerberos and wishes people that had time to work on it would work on
fixing the existing code, rather than redoing all the same old errors
in a different code.

- You may not be familiar with the history of Kerberos, but it is rife
with just slightly incompatible APIs that have put up huge roadblocks
to interoperability and code exchange in the past. Of course that never
stopped anybody before and I don't expect it to now.

- Booker C. Bense




