Reading MIT/Heimdal Kerberos V5 credential files seemed like a good first step towards making Shishi more usable. Users will be able to continue using their existing Kerberos V5 applications and libraries, but will be able to gradually move to Shishi. This has actually been on the todo-list for Shishi since day one. A few months ago, Michael B Allen wrote up a specification of the keytab file format (i.e., the file format used by /etc/krb5.keytab), and I implemented it in Shishi. Now, that file contains hostkeys, and is thus only useful for servers. To be able to read the end-user credential files would be more useful. I fired up M-x hexl-find-file RET on /tmp/krb5cc_1000, and with the help of Michael’s prior work, I came up with the following file format description and basic implementation.
Kerberos ccache file format writeup
Parse ccache files, header file