Edit file

File name : rcache_file_format.html

Content :<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Replay cache file format &#8212; MIT Kerberos Documentation</title> <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <link rel="author" title="About these documents" href="../about.html" /> <link rel="index" title="Index" href="../genindex.html" /> <link rel="search" title="Search" href="../search.html" /> <link rel="copyright" title="Copyright" href="../copyright.html" /> <link rel="next" title="KDC cookie format" href="cookie.html" /> <link rel="prev" title="Keytab file format" href="keytab_file_format.html" /> </head><body> <div class="header-wrapper"> <div class="header"> <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> <div class="rel"> <a href="../index.html" title="Full Table of Contents" accesskey="C">Contents</a> | <a href="keytab_file_format.html" title="Keytab file format" accesskey="P">previous</a> | <a href="cookie.html" title="KDC cookie format" accesskey="N">next</a> | <a href="../genindex.html" title="General Index" accesskey="I">index</a> | <a href="../search.html" title="Enter search criteria" accesskey="S">Search</a> | <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Replay cache file format">feedback</a> </div> </div> </div> <div class="content-wrapper"> <div class="content"> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body" role="main"> <div class="section" id="replay-cache-file-format"> <h1>Replay cache file format<a class="headerlink" href="#replay-cache-file-format" title="Permalink to this headline">¶</a></h1> <p>This section documents the second version of the replay cache file format, used by the “file2” replay cache type (new in release 1.18). The first version of the file replay cache format is not documented.</p> <p>All accesses to the replay cache file take place under an exclusive POSIX or Windows file lock, obtained when the file is opened and released when it is closed. Replay cache files are automatically created when first accessed.</p> <p>For each store operation, a tag is derived from the checksum part of the <span class="target" id="index-0"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc3961.html"><strong>RFC 3961</strong></a> ciphertext of the authenticator. The checksum is coerced to a fixed length of 12 bytes, either through truncation or right-padding with zero bytes. A four-byte timestamp is appended to the tag to produce a total record length of 16 bytes.</p> <p>Bytes 0 through 15 of the file contain a hash seed for the SipHash-2-4 algorithm (<a class="reference external" href="https://131002.net/siphash/siphash.pdf">siphash</a>); this field is populated with random bytes when the file is first created. All remaining bytes are divided into a series of expanding hash tables:</p> <ul class="simple"> <li>Bytes 16-16383: hash table 1 (1023 slots)</li> <li>Bytes 16384-49151: hash table 2 (2048 slots)</li> <li>Bytes 49152-114687: hash table 3 (4096 slots)</li> <li>…</li> </ul> <p>Only some hash tables will be present in the file at any specific time, and the final table may be only partially filled. Replay cache files may be sparse if the filesystem supports it.</p> <p>For each table present in the file, the tag is hashed with SipHash-2-4 using the seed recorded in the file. The first byte of the seed is incremented by one (modulo 256) for each table after the first. The resulting hash value is taken modulo one less than the table size (1022 for the first hash table, 2047 for the second) to produce the index. The record may be found at the slot given by the index or at the next slot.</p> <p>All candidate locations for the record must be searched until a slot is found with a timestamp of zero (indicating a slot which has never been written to) or an offset is reached at or beyond the end of the file. Any candidate location with a timestamp value of zero, with a timestamp value less than the current time minus clockskew, or at or beyond the end of the file is available for writing. When all candidate locations have been searched without finding a match, the new entry is written to the earliest candidate available for writing.</p> </div> </div> </div> </div> </div> <div class="sidebar"> <h2>On this page</h2> <ul> <li><a class="reference internal" href="#">Replay cache file format</a></li> </ul> <br/> <h2>Table of contents</h2> <ul class="current"> <li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> <li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> <li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> <li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> <li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> <li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> <li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current"> <li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li> <li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li> <li class="toctree-l2 current"><a class="current reference internal" href="#">Replay cache file format</a></li> <li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li> <li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li> </ul> </li> <li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> <li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> <li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> <li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> </ul> <br/> <h4><a href="../index.html">Full Table of Contents</a></h4> <h4>Search</h4> <form class="search" action="../search.html" method="get"> <input type="text" name="q" size="18" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> </div> <div class="clearer"></div> </div> </div> <div class="footer-wrapper"> <div class="footer" > <div class="right" ><i>Release: 1.18.2</i><br /> &copy; <a href="../copyright.html">Copyright</a> 1985-2020, MIT. </div> <div class="left"> <a href="../index.html" title="Full Table of Contents" >Contents</a> | <a href="keytab_file_format.html" title="Keytab file format" >previous</a> | <a href="cookie.html" title="KDC cookie format" >next</a> | <a href="../genindex.html" title="General Index" >index</a> | <a href="../search.html" title="Enter search criteria" >Search</a> | <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Replay cache file format">feedback</a> </div> </div> </div> </body> </html>

Save