On 10/24/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:
> Hi,
>
> while looking into the kerberos code, I found a KeyTab class, which is
> used to read a KeyTab file. I have some questions related to this
> class :

Module 'kerberos-shared' in the trunk has a keytab package. That package has as its entry point the Keytab class. It sounds a bit like you are talking about something older, IIRC, possibly in another module. If you find keytab code, apart from the keytab package in 'kerberos-shared', you can delete it.

> - do we have any tests which show that this class works ?

Yes, the aforementioned package is covered by the KeytabTest class which uses package-scoped methods to test the reading and writing of keytab bytes, avoiding the need for test files on disk. Moreover, I have used this in interop scenarios.

> - do we have a Keytab generator?

The Keytab class can both read and write to a File.

> - do we use this class - or intend to use it - into the kerberos server ?

I don't believe the server currently uses this class. I originally intended this component to be used in conjunction with the LDAP protocol to import/export Kerberos keys to/from a keytab file. However, a "version 2" update to the Change Password protocol is working its way through the IETF and I believe this will be the better solution. I wouldn't delete it since it is useful for interop.

> - The EncryptionKey class contains a kvno which is not present in the
> ASN.1 definition of this structure : do we need this field ?

kvno needs to be somewhere. We may not be strict about the kvno in use and IMO most implementations aren't strict but they do check the kvno to give the user the hint that they may not be using the correct kvno w.r.t. the error returned to the user. I would review in light of your refactoring to a strict interpretation of the ASN.1 structures.

Enrique
