List,

I would suggest just documenting the 5 2 format of keytab files properly and making it the "official" file format for now. I can put a wiki page up on wiki.ethereal.com that documents the format.

The file format is used by various tools and products already, and all have basically had to reverse engineer the format independently. Let's call this format a de facto standard for keytab files.

MIT uses this format.
Heimdal uses this format.
Microsoft's KTPASS utility writes this format.
Samba4 has some tool that creates/writes files in this format.
Ethereal will soonish read this format natively for BTN_KERBEROS (better than nothing); that would be an rc4 only fallback mode when neither mit nor heimdal is available to link with.
Mr Allen is writing a keytab encoder as well.
I know of several other proprietary kerberos client implementations that use the same format as well.

There are many situations where one wants to read/write keytab files, something which only requires at most a couple of hundred lines of simple C-code, and where one for various reasons does not want to link with a full blown huge kerberos implementation. There are also situations where one wants to be able to read/write such files on platforms or hosts where there are no kerberos libraries installed.

ronnie

On 5/2/06, Marcus Watts <[EMAIL PROTECTED]> wrote:
>
> Various wrote:
> > Message-ID: <[EMAIL PROTECTED]>
> > From: Jeffrey Altman <[EMAIL PROTECTED]>
> > Subject: Re: keytab file format - exporting arcfour keys from active directory
> > Date: Mon, 01 May 2006 23:08:32 GMT
> > Organization: Road Runner High Speed Online http://www.rr.com
> > To: [email protected]
> >
> > Michael B Allen wrote:
> > > On Mon, 01 May 2006 17:13:13 -0400
> > > Sam Hartman <[EMAIL PROTECTED]> wrote:
> > >
> > >> We'd really prefer you just call into a krb5_32.dll. That will
> > >> continue to work if the keytab format changes in the future.
> > >
> > > I don't think asking people to install an MIT kerberos dll on a Windows
> > > KDC would go over well. I think I'll stick to standard C.
> > >
> > > Mike
> >
> > Why not? People do it all the time. Besides what language do you
> > think the DLL was compiled from? "C".
> >
> > Jeffrey Altman
> > ________________________________________________
> > Kerberos mailing list [email protected]
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
> I can understand not wanting to make this file format
> very permanent. I think it might be nice to have *some*
> format that is reasonably permanent and useable cross-platform,
> between different languages & all. So far, we have:
>         mit kerberos
>         heimdal kerberos
>         microsoft
>         shishi
>         ... not to mention several vendor adaptions of mit,
>         several java implementations of kerberos, etc.
> The heimdal folks seem to have bothered to figure out the file format.
> Apparently Microsoft today can also make keytabs. I don't know if they
> have any sort of public native API to read/write them. The shishi
> folks don't yet have logic to do this, probably in part due to the lack
> of documentation. The shishi folks *do* have their own keyfile
> format. Nevertheless, this is on their project list. So the MIT folks
> have already got significant compatibility issues to work out, at least
> with past versions of themselves, & if they care, also with heimdal,
> microsoft, and any other vendors or environments with which they wish
> to interoperate.
>
> I think this is an area where it would pay more to actually come up
> with a standard - ideally for keytab file formats, or failing that,
> some sort of import/export stringified key exchange text standard.
>
>                                 -Marcus
