Archive for the ‘security’ Category

New SASL GS2 document published

Thursday, March 29th, 2007

Version -08 only fixes very minor WGLC comments.

Nothing to see really, but it marks progress for the document.

Libntlm 0.3.13

Tuesday, March 27th, 2007

I made a new release of libntlm today. There are no feature changes, just an update of gnulib files which offers better portability (hopefully including Mac OS X now).

I also noticed that I was not subscribed to the libntlm mailing list. Bad maintainer. :)

Announcing krb5dissect

Wednesday, March 14th, 2007

Building on my earlier efforts to document the ccache format, I’ve now created the krb5dissect tool. It will parse your Kerberos ccache file (typically /tmp/krb5cc_$UID) and print it in a human-readable format.

This tool was written in about 1 hour, given the amazing amount of nice modules available from gnulib, and helpful tools such as gengetopt and help2man. Kudos!

Update! Version 2.0 can do the same for Kerberos keytab files (typically /etc/krb5.keytab).

Cypak LoginKey

Wednesday, October 18th, 2006

Cypak recently launched their new authentication device, LoginKey. I did a security review of it, and it uses a per-device AES-128 key to encrypt information. It emulates a USB keyboard, so it works fine under Windows, Linux and Mac OS X.
LoginKey Plus

Update of Kerberos V5 over TLS draft

Tuesday, October 3rd, 2006

I finally took the time to update the Kerberos V5 over TLS document. After submitting the new -01 document, I had a look at the -00 version and it was published around two years ago, yikes.

Krb5starttls draft.

Kerberos 5 Credential Cache file format

Wednesday, September 20th, 2006

Reading MIT/Heimdal Kerberos V5 credential files seemed like a good first step towards making Shishi more usable. Users will be able to continue using their existing Kerberos V5 applications and libraries, but will be able to gradually move to Shishi. This has actually been on the todo-list for Shishi since day one. A few months ago, Michael B Allen wrote up a specification of the keytab file format (i.e., the file format used by /etc/krb5.keytab), and I implemented it in Shishi. Now, that file contains hostkeys, and is thus only useful for servers. To be able to read the end-user credential files would be more useful. I fired up M-x hexl-find-file RET on /tmp/krb5cc_1000, and with the help of Michael’s prior work, I came up with the following file format description and basic implementation.

Kerberos ccache file format writeup

Parse ccache files, header file

Parse ccache files, source


This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.