[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Propagating MIT-Kerberos Database to Heimdal KDC

Friedrich Delgado Friedrichs <delgado@cert.dfn.de> writes:

> However, if I create /var/heimdal/m-key on the heimdal host with
> kstash, the first six bytes are:
> 0205 0000 4800

This is normal. The heimdal stash file is just keytab. MIT uses a
different format.

I'll try to have a look at this. I guess this might something to do
with 3des and key derivation.

> Another point strikes me: I've read somewhere that it's possible to
> use the MIT-Kerberos Master-Key unchanged. However the principal for
> the Master-Key is called "default" in heimdal and "K/M" in MIT
> Kerberos.

The K/M principal is used to verify that the master key is correct. We
don't really have any such feature. The default principal is used for
default values for new principals.

> Is there any place I can find detailed documentation on the subject?

Eh, probably not. Use the source, but I guess you didn't want to hear
that. :-)