[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MIT & Heimdal playing together?

On Sunday 17 October 2004 04:42 pm, ms419@freezone.co.uk wrote:
> 	fis:~# kstash
> 	Master key:
> 	Verifying - Master key:
> 	kstash: writing key to `/var/lib/heimdal-kdc/m-key'
> 	fis:~# ssh tor kdb5_util dump -b7 > datatrans
> 	root@tor's password:
> 	fis:~# scp tor:/etc/krb5kdc/stash .
> 	root@tor's password:
> 	fis:~# hprop -m stash -d datatrans --source=mit-dump -n | hpropd -n

Hmm.  Could you try
 'hprop -m stash -d datatrans --source=mit-dump --decrypt -n'?

You might then be able to worry about re-encrypting with a different master 
key in a later step.  In my recollection, I copied my mit kdc's master key to 
/var/heimdal/m-key directly, used hprop to do the decryption, deleted the 
master key once I was done, and didn't use kstash at all.  Unfortunately, I 
don't remember the exact arguments to hprop that made it work.  

Good Luck,