[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Heimdal/AFS Master Key Coordination

Kerberos encrypts its database with a master key kept in the stash 
file.  AFS kaserver does something similar, but I'm not sure exactly 
what.  What do I need to do to make sure that the encryption works 
between the two with hprop/hpropd?

What I tried doing was using ktutil to convert the 
/usr/afs/etc/KeyFile to a K5 keytab and feeding that to hprop 
--keyfile=... --decrypt --stdout.  It still wanted a stash file.  I 
could understand hpropd wanting the stash file so it could re-encrypt 
the data, but this is just hprop reading the data.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu