Re: Heimdal/AFS Master Key Coordination



"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> Kerberos encrypts its database with a master key kept in the stash
> file.  AFS kaserver does something similar, but I'm not sure exactly
> what.

The kaserver database is not encrypted.

> What I tried doing was using ktutil to convert the
> /usr/afs/etc/KeyFile to a K5 keytab and feeding that to hprop
> --keyfile=... --decrypt --stdout.

The --keyfile is only used for authenticating to a remote hpropd. Did
you try --source=kaserver?

> I could understand hpropd wanting the stash file so it could
> re-encrypt the data, but this is just hprop reading the data.

Well, this is because you specified --decrypt, which is not needed for
kaserver.

Try:

hprop --stdout --source=kaserver --database=/whereever/kaserver.DB0

/Johan