[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Heimdal/AFS Master Key Coordination
"Henry B. Hotz" <firstname.lastname@example.org> writes:
> Kerberos encrypts its database with a master key kept in the stash
> file. AFS kaserver does something similar, but I'm not sure exactly
The kaserver database not encrypted.
> What I tried doing was using ktutil to convert the
> /usr/afs/etc/KeyFile to a K5 keytab and feeding that to hprop
> --keyfile=... --decrypt --stdout.
The --keyfile is only used for authenticating to a remote hpropd. Did
you try --source=kaserver?
> I could understand hpropd wanting the stash file so it could
> re-encrypt the data, but this is just hprop reading the data.
Well, this is because you specified --decrypt, which is not needed for
hprop --stdout --source=kaserver --database=/whereever/kaserver.DB0