[27170] in Kerberos
Re: "If you choose to install a stash file..."
daemon@ATHENA.MIT.EDU (Jeff Blaine)
Thu Jan 4 16:17:44 2007
Message-ID: <459D6ED8.6030208@kickflop.net>
Date: Thu, 04 Jan 2007 16:17:12 -0500
From: Jeff Blaine <jblaine@kickflop.net>
MIME-Version: 1.0
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
In-Reply-To: <200701042114.l04LEtQ4004615@ginger.cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Thanks, Ken. That's what I assumed. Shouldn't that be
mentioned in the docs? Seems logical, especially after
the words "If you choose to..."
Ken Hornstein wrote:
>> http://web.mit.edu/Kerberos/krb5-1.5/krb5-1.5.1/doc/krb5-install/Create-the-Database.html#Create%20the%20Database
>>
>> "If you choose to install a stash file..."
>>
>> What if I don't? No explanation is given as to the alternative.
>
> Every time the KDC starts up, you have to type in the master key before
> the KDC process will start up. The stash file is a stored copy of the
> master key on-disk.
>
> (The master key is used to encrypt all of the keys in the KDC database,
> but doesn't actually get used for anything that appears on the wire).
>
> --Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
