[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MIT & Heimdal playing together?
I would guess that it's something like
"--master-key=<mumble>:/var/lib/heimdal-kdc/m-key". (Or wherever you
put the master key file.)
I don't see the right stuff in the lib code for what the file formats
can be right now, but I know it exists somewhere.
On Oct 18, 2004, at 1:28 PM, Benjamin P Myers wrote:
> On Sunday 17 October 2004 04:42 pm, ms419@freezone.co.uk wrote:
>> fis:~# kstash
>> Master key:
>> Verifying - Master key:
>> kstash: writing key to `/var/lib/heimdal-kdc/m-key'
>> fis:~# ssh tor kdb5_util dump -b7 > datatrans
>> root@tor's password:
>> fis:~# scp tor:/etc/krb5kdc/stash .
>> root@tor's password:
>> fis:~# hprop -m stash -d datatrans --source=mit-dump -n | hpropd -n
>
> Hmm. Could you try
> 'hprop -m stash -d datatrans --source=mit-dump --decrypt -n'?
>
> You might then be able to worry about re-encrypting with a different
> master
> key in a later step. In my recollection, I copied my mit kdc's master
> key to
> /var/heimdal/m-key directly, used hprop to do the decryption, deleted
> the
> master key once I was done, and didn't use kstash at all.
> Unfortunately, I
> don't remember the exact arguments to hprop that made it work.
>
> Good Luck,
> Ben
>
>
>
>
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu