Blame doc/formats/keytab_file_format.rst
.. _keytab_file_format:

Keytab file format
==================
|
There are two versions of the file format used by the FILE keytab
type.  The first byte of the file always has the value 5, and the
value of the second byte contains the version number (1 or 2).
Version 1 of the file format uses native byte order for integer
representations.  Version 2 always uses big-endian byte order.
|
After the two-byte version indicator, the file contains a sequence of
signed 32-bit record lengths followed by key records or holes.  A
positive record length indicates a valid key entry whose size is equal
to or less than the record length.  A negative length indicates a
zero-filled hole whose size is the negation of the length.  A length of
0 indicates the end of the file.
|
Key entry format
----------------
|
A key entry may be smaller in size than the record length which
precedes it, because it may have replaced a hole which is larger than
the key entry.  Key entries use the following informal grammar::

    entry ::=
        principal
        timestamp (32 bits)
        key version (8 bits)
        enctype (16 bits)
        key length (16 bits)
        key contents
        key version (32 bits) [in release 1.14 and later]

    principal ::=
        count of components (16 bits) [includes realm in version 1]
        realm (data)
        component1 (data)
        component2 (data)
        ...
        name type (32 bits) [omitted in version 1]

    data ::=
        length (16 bits)
        value (length bytes)
|
The 32-bit key version overrides the 8-bit key version.  To determine
if it is present, the implementation must check that at least 4 bytes
remain in the record after the other fields are read, and that the
value of the 32-bit integer contained in those bytes is non-zero.
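
A bounds-checked reader for the layout described above, added here as an illustration; it is not part of the original document or of the project it describes. The function names, the returned dictionary (which reports the key length rather than the key), the all-zero key in the constructed sample, and treating running out of data like a zero length are assumptions of this example.

```python
import struct

def parse_keytab(buf):
    """Return the key entries of a FILE keytab image, skipping holes."""
    if len(buf) < 2 or buf[0] != 5 or buf[1] not in (1, 2):
        raise ValueError("not a version 1 or 2 keytab")
    bo = ">" if buf[1] == 2 else "="       # v2 is big-endian, v1 native order
    entries, pos = [], 2
    while pos + 4 <= len(buf):             # assumption: running out of data also ends the list
        (reclen,) = struct.unpack_from(bo + "i", buf, pos)
        pos += 4
        if reclen == 0:                    # explicit end-of-file marker
            break
        size = abs(reclen)                 # negative length marks a hole of that size
        if pos + size > len(buf):
            raise ValueError("record length overruns the file")
        if reclen > 0:
            entries.append(parse_entry(buf[pos:pos + size], bo, buf[1]))
        pos += size
    return entries

def parse_entry(rec, bo, version):
    """Decode one key entry; rec may be longer than the entry it holds."""
    pos = 0
    def take(fmt):
        nonlocal pos
        (val,) = struct.unpack_from(bo + fmt, rec, pos)  # struct.error if rec is too short
        pos += struct.calcsize(bo + fmt)
        return val
    def data():                            # 16-bit length, then that many bytes
        return take("%ds" % take("H"))
    count = take("H") - (1 if version == 1 else 0)       # v1 count includes the realm
    realm = data()
    components = [data() for _ in range(count)]
    name_type = take("I") if version == 2 else None      # omitted in version 1
    timestamp, kvno, enctype, key = take("I"), take("B"), take("H"), data()
    if len(rec) - pos >= 4:                # room for the optional 32-bit key version
        kvno = take("I") or kvno           # it overrides the 8-bit one only when non-zero
    return {"realm": realm, "components": components, "name_type": name_type,
            "timestamp": timestamp, "kvno": kvno, "enctype": enctype, "keylen": len(key)}

def constructed_sample():
    """Constructed v2 keytab: a 6-byte hole, then an entry in an oversized record."""
    d = lambda b: struct.pack(">H", len(b)) + b
    entry = (struct.pack(">H", 2) + d(b"EXAMPLE.COM") + d(b"host") + d(b"a.example.com")
             + struct.pack(">IIBH", 1, 0, 2, 18) + d(bytes(32)) + struct.pack(">I", 300))
    rec = entry + bytes(8)                 # slack left from the larger hole it replaced
    return (b"\x05\x02" + struct.pack(">i", -6) + bytes(6)
            + struct.pack(">i", len(rec)) + rec + struct.pack(">i", 0))
```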