Marcus Watts wrote: > I can understand not wanting to make this file format > very permanent.
Its not a question of making the file format permanent or not. The file format is extensible and it is documented in the source code. The Kerberos vendors work together and as such MIT, Heimdal and Microsoft all implement the same format. Unfortunately, the Java team got it wrong and have only recently corrected it. The problem with the existing format is that it does not have enough space to represent the entire set of key verson numbers that can be issued for a principal. Organizations that replace DES keys on a daily basis will run out of kvnos in well under a year. Therefore, the format needs to be extended. When we do so we would prefer to be able to upgrade applications by replacing our libraries rather then requiring that application vendors re-write their apps. We have a similar problem with the FILE: ccache format because the existing format cannot represent 64-bit time values. Jeffrey Altman ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
