[27207] in Kerberos
Re: "If you choose to install a stash file..."
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Thu Jan 11 20:33:27 2007
Message-Id: <200701120132.l0C1Wuvw003111@ginger.cmf.nrl.navy.mil>
To: kerberos@mit.edu
In-Reply-To: <17830.56357.969005.165042@squeak.fifthhorseman.net>
Date: Thu, 11 Jan 2007 20:32:57 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>Continuing on, when using a stash, kdb5_util will create a
>$DUMPFILE.dump_ok file, containing a single null byte. But when run
>without a stash, the dump_ok file isn't created, probably because it
>couldn't verify that the file isn't corrupt.
I was curious about this, so I took a look at it. The reason .dump_ok
isn't written is because the variable exit_status is incremented when the
master key isn't available. But when the master key _is_ available,
no verification is done (other than on the master key itself). So
it's not like there is some kind of corruption check that the master
key enables; all the entries (except for the master key) could be garbage
and having a stash file wouldn't help you.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
