Re: Upgrading Heimdal Operational Mode with Minimal Interruption.

[joda@pdc.kth.se (Johan Danielsson)]

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> More specifically, the question is about any interactions among the
> master encryption step 3, restarting the slaves, and the hprop to the
> slaves.  What do I need to worry about and do I need to re-order
> anything?

Well, when it starts, the kdc reads all master keys, but they will
only be used if an entry is actually encrypted. So it should be safe
to generate a master key, move it to the slaves(*), and restart them.

Does this help?

/Johan

*) In theory you could have different master keys on different slaves,
but that requires that you send the keys de-sealed (hprop -D), and
probably this patch:

--- hpropd.c	2003/09/19 00:16:35	1.37
+++ hpropd.c	2004/07/08 04:05:05
@@ -353,6 +353,9 @@
 	    ret = hdb_create(context, &db, tmp_db);
 	    if(ret)
 		krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
+	    ret = hdb_set_master_keyfile(context, db, NULL);
+	    if (ret)
+		krb5_err(context, 1, ret, "hdb_set_master_keyfile");
 	    ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
 	    if(ret)
 		krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);