[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal/AFS Master Key Coordination

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> Kerberos encrypts its database with a master key kept in the stash
> file.  AFS kaserver does something similar, but I'm not sure exactly
> what.

The kaserver database not encrypted.

> What I tried doing was using ktutil to convert the
> /usr/afs/etc/KeyFile to a K5 keytab and feeding that to hprop
> --keyfile=... --decrypt --stdout.

The --keyfile is only used for authenticating to a remote hpropd. Did
you try --source=kaserver?

> I could understand hpropd wanting the stash file so it could
> re-encrypt the data, but this is just hprop reading the data.

Well, this is because you specified --decrypt, which is not needed for


hprop --stdout --source=kaserver --database=/whereever/kaserver.DB0