[27198] in Kerberos
Re: "If you choose to install a stash file..."
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Wed Jan 10 14:17:42 2007
Message-Id: <200701101916.l0AJGqcQ000907@ginger.cmf.nrl.navy.mil>
To: kerberos@mit.edu
In-Reply-To: <17828.32498.166285.783833@squeak.fifthhorseman.net>
Date: Wed, 10 Jan 2007 14:16:53 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>In addition to needing to enter a passphrase to launch krb5kdc (with
>the -m option), it looks like kdb5_util will also need a passphrase,
>understandably.
>
>This means that the traditional cronjob-triggered kprop -> kpropd
>replication won't work either, right?
Actually, it shouldn't need a passphrase; the dump files contain the
encrypted keys not the decrypted ones, and that's what kprop/kpropd
pass around. I thought that the MIT folks told me that they run without
a stash file, and I see they have three KDCs.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
