[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MIT & Heimdal playing together?

I would guess that it's something like  
"--master-key=<mumble>:/var/lib/heimdal-kdc/m-key".  (Or wherever you  
put the master key file.)

I don't see the right stuff in the lib code for what the file formats  
can be right now, but I know it exists somewhere.

On Oct 18, 2004, at 1:28 PM, Benjamin P Myers wrote:

> On Sunday 17 October 2004 04:42 pm, ms419@freezone.co.uk wrote:
>> 	fis:~# kstash
>> 	Master key:
>> 	Verifying - Master key:
>> 	kstash: writing key to `/var/lib/heimdal-kdc/m-key'
>> 	fis:~# ssh tor kdb5_util dump -b7 > datatrans
>> 	root@tor's password:
>> 	fis:~# scp tor:/etc/krb5kdc/stash .
>> 	root@tor's password:
>> 	fis:~# hprop -m stash -d datatrans --source=mit-dump -n | hpropd -n
> Hmm.  Could you try
>  'hprop -m stash -d datatrans --source=mit-dump --decrypt -n'?
> You might then be able to worry about re-encrypting with a different  
> master
> key in a later step.  In my recollection, I copied my mit kdc's master  
> key to
> /var/heimdal/m-key directly, used hprop to do the decryption, deleted  
> the
> master key once I was done, and didn't use kstash at all.   
> Unfortunately, I
> don't remember the exact arguments to hprop that made it work.
> Good Luck,
> Ben
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu