Password-based Authentication Protocol

There was a large increase in activity on password-based SASL authentication mechanism in the Prague IETF, with three new proposals. Unfortunately, I was travelling over the I-D cutoff, so my document didn’t make it. However, I’ve now finished a -00 document for it. The goal was initially to just specify a GSS-API mechanism, but it seemed easier to specify a framework-agnostic protocol (with some influences from GSS-API and SASL) and then specify the mapping to GSS-API and SASL.

http://josefsson.org/password-auth/

Announcing krb5dissect

Building on my earlier efforts to document the ccache format, I’ve now created the krb5dissect tool. It will parse your Kerberos ccache file (typically /tmp/krb5cc_$UID) and prints it in a human readable format.

This tool was written in about 1 hour, given the amazing amount of nice modules available from gnulib, and helpful tools such as gengetopt and help2man. Kudos!

Update! Version 2.0 can do the same for Kerberos keytab files (typically /etc/krb5.keytab).