Re: krb5dissect

[Simon Josefsson]

Russ Allbery <address@hidden> writes:

> Simon Josefsson <address@hidden> writes:
>
>> Hi Russ!  I've written krb5dissect, from the README:
>
>> ,----
>> | Krb5dissect is a tool to extract information from Kerberos ccache
>> | credentials (e.g., /tmp/krb5cc_$UID) or Kerberos keytab credentials
>> | (e.g., /etc/krb5.keytab).
>> | 
>> | The ccache format is described in ccache.txt.  The ccache.h and
>> | ccache.c implementation was made for and is used in Shishi, see
>> | <http://josefsson.org/shishi/>.
>> | 
>> | The keytab format is described in keytab.txt.
>> `----
>
>> The version 2.1 release contains a debian/ directory and build
>> lintian-clean Debian packages, and I've filed an ITP #415040 for it.
>
>> Homepage: http://josefsson.org/krb5dissect/
>> Package: http://josefsson.org/krb5dissect/releases/
>
>> I'm looking for a Debian sponsor for this, do you have time to look at
>> this one too, Russ?
>
> Sure, I can sponsor this.  I have some other sponsorship requests I need
> to look at first, but I should get to it within a week.

Thanks!  If I'm going to rename the tool, you might want to hold off
for a while...

> I'm not entirely sure that I understand the utility, namely why I
> would ever use this instead of klist, but I guess I see it well
> enough to be willing to upload it.

Krb5dissect is meant as a debug tool, similar to 'dumpasn1' or 'od'.
'klist' doesn't print all the details in the files.

Perhaps it isn't worth packaging, I guess I got carried away when
creating a new project for this small thing.  Creating the Debian
package for it was too simple, I guess.

Still, I know I will find it useful for debugging when I make Shishi
use ccache/keytab's more, which is something I have decided to do.  It
will make Shishi work more as a drop-in and avoid users from having to
get the same credentials twice, once for MIT/Heimdal and once for
Shishi.  I have to sort out how to work around the limitations of the
formats.

/Simon