[2634] in Kerberos
Re: Can master key be changed?
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Thu Mar 18 19:56:20 1993
Date: Thu, 18 Mar 93 19:43:47 -0500
From: Theodore Ts'o <tytso@Athena.MIT.EDU>
To: c7821027@csie.nctu.edu.tw
Cc: kerberos@Athena.MIT.EDU
In-Reply-To: Shih-Hao Liu's message of Sat, 6 Mar 1993 20:46:45 +0800 (WST),
From: c7821027@csie.nctu.edu.tw (Shih-Hao Liu)
Date: Sat, 6 Mar 1993 20:46:45 +0800 (WST)
I am installing the kerberos V4 p9 in our department and want to
know if it is possible to change the master database key.
I have tried to use the kdb_util to modify the key of K.M principal.
It seems that the master key is stored in this principal because I
can use the master key as the password to get the tgt. However,
after I modify the key of K.M, neither the old key nor the new one
can be used as the master key. Any suggestion?
It is possible to change the master key of a kerberos database, but not
without writing some code. :-)
What you'd need to do is to take a dump of the Kerberos database, using
"kdb_util dump", and then write a program which decrypted each key in
the database using the old master key, and then re-encrypted each key
using the new master key. Afterwards, you'd do a "kdb_util load" with
the modified dump file, and run the kstash program to stash the new
master key in /.k.
Note that the Kerberos master key is something which is only used to
encrypt keys on the KDC local disk; the Kerberos master key never
figures into any of the Kerberos protocol transactions. It's merely one
more level of protection, so that if someone gets a copy of the Kerberos
database backup tape, it would be useless without the master key. We've
never bothered to change the master key at MIT, so we've never written a
utility to do that transformation. It wouldn't be that hard to write,
though.
- Ted
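The dump / decrypt / re-encrypt / load procedure Ted describes, as an added example in Go that is not from the original thread or the MIT Kerberos code. It assumes a constructed dump layout (name, instance, encrypted 8-byte key) and that each principal key is DES-encrypted as a single block under the master key; Entry, desBlock, Rekey and Verify are names chosen here.

```go
package main
import "crypto/des"

// Entry is one principal record of a constructed dump: an 8-byte DES key
// stored encrypted under the master key (a real kdb_util dump has more fields).
type Entry struct {
	Name, Instance string
	EncKey         [8]byte
}

// desBlock runs one DES block operation under an 8-byte master key. Treating
// the stored key as a single DES block is an assumption about krb4, not fact.
func desBlock(mk []byte, in [8]byte, decrypt bool) (out [8]byte, err error) {
	c, err := des.NewCipher(mk) // rejects any key that is not 8 bytes
	if err == nil && decrypt {
		c.Decrypt(out[:], in[:])
	} else if err == nil {
		c.Encrypt(out[:], in[:])
	}
	return out, err
}

// Rekey decrypts each stored key with oldMK and re-encrypts it with newMK
// into a fresh slice, so the original dump is left untouched on any error.
func Rekey(entries []Entry, oldMK, newMK []byte) ([]Entry, error) {
	out := make([]Entry, len(entries))
	for i, e := range entries {
		plain, err := desBlock(oldMK, e.EncKey, true)
		if err != nil {
			return nil, err
		}
		if out[i].EncKey, err = desBlock(newMK, plain, false); err != nil {
			return nil, err
		}
		out[i].Name, out[i].Instance = e.Name, e.Instance
	}
	return out, nil
}

// Verify is the check to run before "kdb_util load" and kstash: every
// rekeyed key must decrypt under newMK to what the original gives under oldMK.
func Verify(orig, rekeyed []Entry, oldMK, newMK []byte) bool {
	for i := 0; i < len(orig) && i < len(rekeyed); i++ {
		a, err1 := desBlock(oldMK, orig[i].EncKey, true)
		b, err2 := desBlock(newMK, rekeyed[i].EncKey, true)
		if err1 != nil || err2 != nil || a != b {
			return false
		}
	}
	return len(orig) == len(rekeyed)
}
```

A failing Verify is the state to catch before loading: stored keys that no longer decrypt under the master key you are about to stash in /.k.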