1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Replay cache file format — MIT Kerberos Documentation</title>
<link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '1.21.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="copyright" title="Copyright" href="../copyright.html" />
<link rel="next" title="KDC cookie format" href="cookie.html" />
<link rel="prev" title="Keytab file format" href="keytab_file_format.html" />
</head>
<body>
<div class="header-wrapper">
<div class="header">
<h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
<div class="rel">
<a href="../index.html" title="Full Table of Contents"
accesskey="C">Contents</a> |
<a href="keytab_file_format.html" title="Keytab file format"
accesskey="P">previous</a> |
<a href="cookie.html" title="KDC cookie format"
accesskey="N">next</a> |
<a href="../genindex.html" title="General Index"
accesskey="I">index</a> |
<a href="../search.html" title="Enter search criteria"
accesskey="S">Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Replay cache file format">feedback</a>
</div>
</div>
</div>
<div class="content-wrapper">
<div class="content">
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="replay-cache-file-format">
<h1>Replay cache file format<a class="headerlink" href="#replay-cache-file-format" title="Permalink to this headline">¶</a></h1>
<p>This section documents the second version of the replay cache file
format, used by the “file2” replay cache type (new in release 1.18).
The first version of the file replay cache format is not documented.</p>
<p>All accesses to the replay cache file take place under an exclusive
POSIX or Windows file lock, obtained when the file is opened and
released when it is closed. Replay cache files are automatically
created when first accessed.</p>
<p>For each store operation, a tag is derived from the checksum part of
the <span class="target" id="index-0"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc3961.html"><strong>RFC 3961</strong></a> ciphertext of the authenticator. The checksum is
coerced to a fixed length of 12 bytes, either through truncation or
right-padding with zero bytes. A four-byte timestamp is appended to
the tag to produce a total record length of 16 bytes.</p>
<p>Bytes 0 through 15 of the file contain a hash seed for the SipHash-2-4
algorithm (<a class="reference external" href="https://131002.net/siphash/siphash.pdf">siphash</a>); this field is populated with random bytes when
the file is first created. All remaining bytes are divided into a
series of expanding hash tables:</p>
<ul class="simple">
<li>Bytes 16-16383: hash table 1 (1023 slots)</li>
<li>Bytes 16384-49151: hash table 2 (2048 slots)</li>
<li>Bytes 49152-114687: hash table 3 (4096 slots)</li>
<li>…</li>
</ul>
<p>Only some hash tables will be present in the file at any specific
time, and the final table may be only partially filled. Replay cache
files may be sparse if the filesystem supports it.</p>
<p>For each table present in the file, the tag is hashed with SipHash-2-4
using the seed recorded in the file. The first byte of the seed is
incremented by one (modulo 256) for each table after the first. The
resulting hash value is taken modulo one less than the table size
(1022 for the first hash table, 2047 for the second) to produce the
index. The record may be found at the slot given by the index or at
the next slot.</p>
<p>All candidate locations for the record must be searched until a slot
is found with a timestamp of zero (indicating a slot which has never
been written to) or an offset is reached at or beyond the end of the
file. Any candidate location with a timestamp value of zero, with a
timestamp value less than the current time minus clockskew, or at or
beyond the end of the file is available for writing. When all
candidate locations have been searched without finding a match, the
new entry is written to the earliest candidate available for writing.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sidebar">
<h2>On this page</h2>
<ul>
<li><a class="reference internal" href="#">Replay cache file format</a></li>
</ul>
<br/>
<h2>Table of contents</h2>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Replay cache file format</a></li>
<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
<li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
</ul>
<br/>
<h4><a href="../index.html">Full Table of Contents</a></h4>
<h4>Search</h4>
<form class="search" action="../search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<div class="clearer"></div>
</div>
</div>
<div class="footer-wrapper">
<div class="footer" >
<div class="right" ><i>Release: 1.21.1</i><br />
© <a href="../copyright.html">Copyright</a> 1985-2023, MIT.
</div>
<div class="left">
<a href="../index.html" title="Full Table of Contents"
>Contents</a> |
<a href="keytab_file_format.html" title="Keytab file format"
>previous</a> |
<a href="cookie.html" title="KDC cookie format"
>next</a> |
<a href="../genindex.html" title="General Index"
>index</a> |
<a href="../search.html" title="Enter search criteria"
>Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Replay cache file format">feedback</a>
</div>
</div>
</div>
</body>
</html>
|
