aboutsummaryrefslogtreecommitdiffstats
path: root/doc/html/formats
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2017-07-07 17:03:42 +0000
committerCy Schubert <cy@FreeBSD.org>2017-07-07 17:03:42 +0000
commit33a9b234e7087f573ef08cd7318c6497ba08b439 (patch)
treed0ea40ad3bf5463a3c55795977c71bcb7d781b4b /doc/html/formats
downloadsrc-33a9b234e7087f573ef08cd7318c6497ba08b439.tar.gz
src-33a9b234e7087f573ef08cd7318c6497ba08b439.zip
Import MIT KRB5 1.15.1, which will gracefully replace KTH Heimdal.vendor/krb5/1.15.1
The tarball used in this import is the same tarball used in ports/krb5-115 r435378. Obtained from: http://web.mit.edu/kerberos/dist/ Thanks to: pfg (for all your tireless behind-the-scenes effort)
Notes
Notes: svn path=/vendor-crypto/krb5/dist/; revision=320790 svn path=/vendor-crypto/krb5/1.15.1/; revision=320791; tag=vendor/krb5/1.15.1
Diffstat (limited to 'doc/html/formats')
-rw-r--r--doc/html/formats/ccache_file_format.html298
-rw-r--r--doc/html/formats/cookie.html197
-rw-r--r--doc/html/formats/index.html145
-rw-r--r--doc/html/formats/keytab_file_format.html187
4 files changed, 827 insertions, 0 deletions
diff --git a/doc/html/formats/ccache_file_format.html b/doc/html/formats/ccache_file_format.html
new file mode 100644
index 000000000000..d337aa1e00e7
--- /dev/null
+++ b/doc/html/formats/ccache_file_format.html
@@ -0,0 +1,298 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>Credential cache file format &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../_static/jquery.js"></script>
+ <script type="text/javascript" src="../_static/underscore.js"></script>
+ <script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
+ <link rel="copyright" title="Copyright" href="../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../index.html" />
+ <link rel="up" title="Protocols and file formats" href="index.html" />
+ <link rel="next" title="Keytab file format" href="keytab_file_format.html" />
+ <link rel="prev" title="Protocols and file formats" href="index.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="index.html" title="Protocols and file formats"
+ accesskey="P">previous</a> |
+ <a href="keytab_file_format.html" title="Keytab file format"
+ accesskey="N">next</a> |
+ <a href="../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Credential cache file format">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="credential-cache-file-format">
+<span id="ccache-file-format"></span><h1>Credential cache file format<a class="headerlink" href="#credential-cache-file-format" title="Permalink to this headline">¶</a></h1>
+<p>There are four versions of the file format used by the FILE credential
+cache type. The first byte of the file always has the value 5, and
+the value of the second byte contains the version number (1 through
+4). Versions 1 and 2 of the file format use native byte order for integer
+representations. Versions 3 and 4 always use big-endian byte order.</p>
+<p>After the two-byte version indicator, the file has three parts: the
+header (in version 4 only), the default principal name, and a sequence
+of credentials.</p>
+<div class="section" id="header-format">
+<h2>Header format<a class="headerlink" href="#header-format" title="Permalink to this headline">¶</a></h2>
+<p>The header appears only in format version 4. It begins with a 16-bit
+integer giving the length of the entire header, followed by a sequence
+of fields. Each field consists of a 16-bit tag, a 16-bit length, and
+a value of the given length. A file format implementation should
+ignore fields with unknown tags.</p>
+<p>At this time there is only one defined header field. Its tag value is
+1, its length is always 8, and its contents are two 32-bit integers
+giving the seconds and microseconds of the time offset of the KDC
+relative to the client. Adding this offset to the current time on the
+client should give the current time on the KDC, if that offset has not
+changed since the initial authentication.</p>
+</div>
+<div class="section" id="principal-format">
+<span id="cache-principal-format"></span><h2>Principal format<a class="headerlink" href="#principal-format" title="Permalink to this headline">¶</a></h2>
+<p>The default principal is marshalled using the following informal
+grammar:</p>
+<div class="highlight-python"><div class="highlight"><pre>principal ::=
+ name type (32 bits) [omitted in version 1]
+ count of components (32 bits) [includes realm in version 1]
+ realm (data)
+ component1 (data)
+ component2 (data)
+ ...
+
+data ::=
+ length (32 bits)
+ value (length bytes)
+</pre></div>
+</div>
+<p>There is no external framing on the default principal, so it must be
+parsed according to the above grammar in order to find the sequence of
+credentials which follows.</p>
+</div>
+<div class="section" id="credential-format">
+<span id="ccache-credential-format"></span><h2>Credential format<a class="headerlink" href="#credential-format" title="Permalink to this headline">¶</a></h2>
+<p>The credential format uses the following informal grammar (referencing
+the <tt class="docutils literal"><span class="pre">principal</span></tt> and <tt class="docutils literal"><span class="pre">data</span></tt> types from the previous section):</p>
+<div class="highlight-python"><div class="highlight"><pre>credential ::=
+ client (principal)
+ server (principal)
+ keyblock (keyblock)
+ authtime (32 bits)
+ starttime (32 bits)
+ endtime (32 bits)
+ renew_till (32 bits)
+ is_skey (1 byte, 0 or 1)
+ ticket_flags (32 bits)
+ addresses (addresses)
+ authdata (authdata)
+ ticket (data)
+ second_ticket (data)
+
+keyblock ::=
+ enctype (16 bits) [repeated twice in version 3]
+ data
+
+addresses ::=
+ count (32 bits)
+ address1
+ address2
+ ...
+
+address ::=
+ addrtype (16 bits)
+ data
+
+authdata ::=
+ count (32 bits)
+ authdata1
+ authdata2
+ ...
+
+authdata ::=
+ ad_type (16 bits)
+ data
+</pre></div>
+</div>
+<p>There is no external framing on a marshalled credential, so it must be
+parsed according to the above grammar in order to find the next
+credential. There is also no count of credentials or marker at the
+end of the sequence of credentials; the sequence ends when the file
+ends.</p>
+</div>
+<div class="section" id="credential-cache-configuration-entries">
+<h2>Credential cache configuration entries<a class="headerlink" href="#credential-cache-configuration-entries" title="Permalink to this headline">¶</a></h2>
+<p>Configuration entries are encoded as credential entries. The client
+principal of the entry is the default principal of the cache. The
+server principal has the realm <tt class="docutils literal"><span class="pre">X-CACHECONF:</span></tt> and two or three
+components, the first of which is <tt class="docutils literal"><span class="pre">krb5_ccache_conf_data</span></tt>. The
+server principal&#8217;s second component is the configuration key. The
+third component, if it exists, is a principal to which the
+configuration key is associated. The configuration value is stored in
+the ticket field of the entry. All other entry fields are zeroed.</p>
+<p>Programs using credential caches must be aware of configuration
+entries for several reasons:</p>
+<ul class="simple">
+<li>A program which displays the contents of a cache should not
+generally display configuration entries.</li>
+<li>The ticket field of a configuration entry is not (usually) a valid
+encoding of a Kerberos ticket. An implementation must not treat the
+cache file as malformed if it cannot decode the ticket field.</li>
+<li>Configuration entries have an endtime field of 0 and might therefore
+always be considered expired, but they should not be treated as
+unimportant as a result. For instance, a program which copies
+credentials from one cache to another should not omit configuration
+entries because of the endtime.</li>
+</ul>
+<p>The following configuration keys are currently used in MIT krb5:</p>
+<dl class="docutils">
+<dt>fast_avail</dt>
+<dd>The presence of this key with a non-empty value indicates that the
+KDC asserted support for FAST (see <span class="target" id="index-0"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc6113.html"><strong>RFC 6113</strong></a>) during the initial
+authentication, using the negotiation method described in
+<span class="target" id="index-1"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc6806.html"><strong>RFC 6806</strong></a> section 11. This key is not associated with any
+principal.</dd>
+<dt>pa_config_data</dt>
+<dd>The value of this key contains a JSON object representation of
+parameters remembered by the preauthentication mechanism used
+during the initial authentication. These parameters may be used
+when refreshing credentials. This key is associated with the
+server principal of the initial authentication (usually the local
+krbtgt principal of the client realm).</dd>
+<dt>pa_type</dt>
+<dd>The value of this key is the ASCII decimal representation of the
+preauth type number used during the initial authentication. This
+key is associated with the server principal of the initial
+authentication.</dd>
+<dt>proxy_impersonator</dt>
+<dd>The presence of this key indicates that the cache is a synthetic
+delegated credential for use with S4U2Proxy. The value is the
+name of the intermediate service whose TGT can be used to make
+S4U2Proxy requests for target services. This key is not
+associated with any principal.</dd>
+<dt>refresh_time</dt>
+<dd>The presence of this key indicates that the cache was acquired by
+the GSS mechanism using a client keytab. The value is the ASCII
+decimal representation of a timestamp at which the GSS mechanism
+should attempt to refresh the credential cache from the client
+keytab.</dd>
+</dl>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">Credential cache file format</a><ul>
+<li><a class="reference internal" href="#header-format">Header format</a></li>
+<li><a class="reference internal" href="#principal-format">Principal format</a></li>
+<li><a class="reference internal" href="#credential-format">Credential format</a></li>
+<li><a class="reference internal" href="#credential-cache-configuration-entries">Credential cache configuration entries</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
+<li class="toctree-l2 current"><a class="current reference internal" href="">Credential cache file format</a><ul class="simple">
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
+<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="index.html" title="Protocols and file formats"
+ >previous</a> |
+ <a href="keytab_file_format.html" title="Keytab file format"
+ >next</a> |
+ <a href="../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Credential cache file format">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/formats/cookie.html b/doc/html/formats/cookie.html
new file mode 100644
index 000000000000..f02cad59eb90
--- /dev/null
+++ b/doc/html/formats/cookie.html
@@ -0,0 +1,197 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>KDC cookie format &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../_static/jquery.js"></script>
+ <script type="text/javascript" src="../_static/underscore.js"></script>
+ <script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
+ <link rel="copyright" title="Copyright" href="../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../index.html" />
+ <link rel="up" title="Protocols and file formats" href="index.html" />
+ <link rel="next" title="MIT Kerberos features" href="../mitK5features.html" />
+ <link rel="prev" title="Keytab file format" href="keytab_file_format.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="keytab_file_format.html" title="Keytab file format"
+ accesskey="P">previous</a> |
+ <a href="../mitK5features.html" title="MIT Kerberos features"
+ accesskey="N">next</a> |
+ <a href="../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC cookie format">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="kdc-cookie-format">
+<h1>KDC cookie format<a class="headerlink" href="#kdc-cookie-format" title="Permalink to this headline">¶</a></h1>
+<p><span class="target" id="index-0"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc6113.html"><strong>RFC 6113</strong></a> section 5.2 specifies a pa-data type PA-FX-COOKIE, which
+clients are required to reflect back to the KDC during
+pre-authentication. The MIT krb5 KDC uses the following formats for
+cookies.</p>
+<div class="section" id="trivial-cookie-version-0">
+<h2>Trivial cookie (version 0)<a class="headerlink" href="#trivial-cookie-version-0" title="Permalink to this headline">¶</a></h2>
+<p>If there is no pre-authentication mechanism state information to save,
+a trivial cookie containing the value &#8220;MIT&#8221; is used. A trivial cookie
+is needed to indicate that the conversation can continue.</p>
+</div>
+<div class="section" id="secure-cookie-version-1">
+<h2>Secure cookie (version 1)<a class="headerlink" href="#secure-cookie-version-1" title="Permalink to this headline">¶</a></h2>
+<p>In release 1.14 and later, a secure cookie can be sent if there is any
+mechanism state to save for the next request. A secure cookie
+contains the concatenation of the following:</p>
+<ul class="simple">
+<li>the four bytes &#8220;MIT1&#8221;</li>
+<li>a four-byte big-endian kvno value</li>
+<li>an <span class="target" id="index-1"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc3961.html"><strong>RFC 3961</strong></a> ciphertext</li>
+</ul>
+<p>The ciphertext is encrypted in the cookie key with key usage
+number 513. The cookie key is derived from a key in the local krbtgt
+principal entry for the realm (e.g. <tt class="docutils literal"><span class="pre">krbtgt/KRBTEST.COM&#64;KRBTEST.COM</span></tt>
+if the request is to the <tt class="docutils literal"><span class="pre">KRBTEST.COM</span></tt> realm). The first krbtgt key
+for the indicated kvno value is combined with the client principal as
+follows:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="n">cookie</span><span class="o">-</span><span class="n">key</span> <span class="o">&lt;-</span> <span class="n">random</span><span class="o">-</span><span class="n">to</span><span class="o">-</span><span class="n">key</span><span class="p">(</span><span class="n">PRF</span><span class="o">+</span><span class="p">(</span><span class="n">tgt</span><span class="o">-</span><span class="n">key</span><span class="p">,</span> <span class="s">&quot;COOKIE&quot;</span> <span class="o">|</span> <span class="n">client</span><span class="o">-</span><span class="n">princ</span><span class="p">))</span>
+</pre></div>
+</div>
+<p>where <strong>random-to-key</strong> is the <span class="target" id="index-2"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc3961.html"><strong>RFC 3961</strong></a> random-to-key operation for
+the krbtgt key&#8217;s encryption type, <strong>PRF+</strong> is defined in <span class="target" id="index-3"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc6113.html"><strong>RFC 6113</strong></a>,
+and <tt class="docutils literal"><span class="pre">|</span></tt> denotes concatenation. <em>client-princ</em> is the request client
+principal name with realm, marshalled according to <span class="target" id="index-4"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc1964.html"><strong>RFC 1964</strong></a> section
+2.1.1.</p>
+<p>The plain text of the encrypted part of a cookie is the DER encoding
+of the following ASN.1 type:</p>
+<div class="highlight-python"><div class="highlight"><pre>SecureCookie ::= SEQUENCE {
+ time INTEGER,
+ data SEQUENCE OF PA-DATA,
+ ...
+}
+</pre></div>
+</div>
+<p>The time field represents the cookie creation time; for brevity, it is
+encoded as an integer giving the POSIX timestamp rather than as an
+ASN.1 GeneralizedTime value. The data field contains one element for
+each pre-authentication type which requires saved state. For
+mechanisms which have separate request and reply types, the request
+type is used; this allows the KDC to determine whether a cookie is
+relevant to a request by comparing the request pa-data types to the
+cookie data types.</p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">KDC cookie format</a><ul>
+<li><a class="reference internal" href="#trivial-cookie-version-0">Trivial cookie (version 0)</a></li>
+<li><a class="reference internal" href="#secure-cookie-version-1">Secure cookie (version 1)</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
+<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="">KDC cookie format</a><ul class="simple">
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="keytab_file_format.html" title="Keytab file format"
+ >previous</a> |
+ <a href="../mitK5features.html" title="MIT Kerberos features"
+ >next</a> |
+ <a href="../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC cookie format">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/formats/index.html b/doc/html/formats/index.html
new file mode 100644
index 000000000000..42e75c2fbb1a
--- /dev/null
+++ b/doc/html/formats/index.html
@@ -0,0 +1,145 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>Protocols and file formats &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../_static/jquery.js"></script>
+ <script type="text/javascript" src="../_static/underscore.js"></script>
+ <script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
+ <link rel="copyright" title="Copyright" href="../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../index.html" />
+ <link rel="next" title="Credential cache file format" href="ccache_file_format.html" />
+ <link rel="prev" title="Supported date and time formats" href="../basic/date_format.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="../basic/date_format.html" title="Supported date and time formats"
+ accesskey="P">previous</a> |
+ <a href="ccache_file_format.html" title="Credential cache file format"
+ accesskey="N">next</a> |
+ <a href="../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Protocols and file formats">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="protocols-and-file-formats">
+<h1>Protocols and file formats<a class="headerlink" href="#protocols-and-file-formats" title="Permalink to this headline">¶</a></h1>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
+<li class="toctree-l1"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
+<li class="toctree-l1"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
+</ul>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">Protocols and file formats</a></li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="">Protocols and file formats</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
+<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
+<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="../basic/date_format.html" title="Supported date and time formats"
+ >previous</a> |
+ <a href="ccache_file_format.html" title="Credential cache file format"
+ >next</a> |
+ <a href="../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Protocols and file formats">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/doc/html/formats/keytab_file_format.html b/doc/html/formats/keytab_file_format.html
new file mode 100644
index 000000000000..843cb48a27e2
--- /dev/null
+++ b/doc/html/formats/keytab_file_format.html
@@ -0,0 +1,187 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+ <title>Keytab file format &mdash; MIT Kerberos Documentation</title>
+
+ <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+ <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
+
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../',
+ VERSION: '1.15.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true
+ };
+ </script>
+ <script type="text/javascript" src="../_static/jquery.js"></script>
+ <script type="text/javascript" src="../_static/underscore.js"></script>
+ <script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
+ <link rel="copyright" title="Copyright" href="../copyright.html" />
+ <link rel="top" title="MIT Kerberos Documentation" href="../index.html" />
+ <link rel="up" title="Protocols and file formats" href="index.html" />
+ <link rel="next" title="KDC cookie format" href="cookie.html" />
+ <link rel="prev" title="Credential cache file format" href="ccache_file_format.html" />
+ </head>
+ <body>
+ <div class="header-wrapper">
+ <div class="header">
+
+
+ <h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
+
+ <div class="rel">
+
+ <a href="../index.html" title="Full Table of Contents"
+ accesskey="C">Contents</a> |
+ <a href="ccache_file_format.html" title="Credential cache file format"
+ accesskey="P">previous</a> |
+ <a href="cookie.html" title="KDC cookie format"
+ accesskey="N">next</a> |
+ <a href="../genindex.html" title="General Index"
+ accesskey="I">index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ accesskey="S">Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Keytab file format">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ <div class="content-wrapper">
+ <div class="content">
+ <div class="document">
+
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body">
+
+ <div class="section" id="keytab-file-format">
+<span id="id1"></span><h1>Keytab file format<a class="headerlink" href="#keytab-file-format" title="Permalink to this headline">¶</a></h1>
+<p>There are two versions of the file format used by the FILE keytab
+type. The first byte of the file always has the value 5, and the
+value of the second byte contains the version number (1 or 2).
+Version 1 of the file format uses native byte order for integer
+representations. Version 2 always uses big-endian byte order.</p>
+<p>After the two-byte version indicator, the file contains a sequence of
+signed 32-bit record lengths followed by key records or holes. A
+positive record length indicates a valid key entry whose size is equal
+to or less than the record length. A negative length indicates a
+zero-filled hole whose size is the inverse of the length. A length of
+0 indicates the end of the file.</p>
+<div class="section" id="key-entry-format">
+<h2>Key entry format<a class="headerlink" href="#key-entry-format" title="Permalink to this headline">¶</a></h2>
+<p>A key entry may be smaller in size than the record length which
+precedes it, because it may have replaced a hole which is larger than
+the key entry. Key entries use the following informal grammar:</p>
+<div class="highlight-python"><div class="highlight"><pre>entry ::=
+ principal
+ timestamp (32 bits)
+ key version (8 bits)
+ enctype (16 bits)
+ key length (16 bits)
+ key contents
+ key version (32 bits) [in release 1.14 and later]
+
+principal ::=
+ count of components (16 bits) [includes realm in version 1]
+ realm (data)
+ component1 (data)
+ component2 (data)
+ ...
+ name type (32 bits) [omitted in version 1]
+
+data ::=
+ length (16 bits)
+ value (length bytes)
+</pre></div>
+</div>
+<p>The 32-bit key version overrides the 8-bit key version. To determine
+if it is present, the implementation must check that at least 4 bytes
+remain in the record after the other fields are read, and that the
+value of the 32-bit integer contained in those bytes is non-zero.</p>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="sidebar">
+ <h2>On this page</h2>
+ <ul>
+<li><a class="reference internal" href="#">Keytab file format</a><ul>
+<li><a class="reference internal" href="#key-entry-format">Key entry format</a></li>
+</ul>
+</li>
+</ul>
+
+ <br/>
+ <h2>Table of contents</h2>
+ <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="">Keytab file format</a><ul class="simple">
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
+</ul>
+
+ <br/>
+ <h4><a href="../index.html">Full Table of Contents</a></h4>
+ <h4>Search</h4>
+ <form class="search" action="../search.html" method="get">
+ <input type="text" name="q" size="18" />
+ <input type="submit" value="Go" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ </div>
+
+ <div class="footer-wrapper">
+ <div class="footer" >
+ <div class="right" ><i>Release: 1.15.1</i><br />
+ &copy; <a href="../copyright.html">Copyright</a> 1985-2017, MIT.
+ </div>
+ <div class="left">
+
+ <a href="../index.html" title="Full Table of Contents"
+ >Contents</a> |
+ <a href="ccache_file_format.html" title="Credential cache file format"
+ >previous</a> |
+ <a href="cookie.html" title="KDC cookie format"
+ >next</a> |
+ <a href="../genindex.html" title="General Index"
+ >index</a> |
+ <a href="../search.html" title="Enter search criteria"
+ >Search</a> |
+ <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Keytab file format">feedback</a>
+ </div>
+ </div>
+ </div>
+
+ </body>
+</html> \ No newline at end of file