[1996] in Kerberos_V5_Development


Re: krb5-libs/207: KDB keytab type multiply defined and wrong

daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Nov 21 18:15:13 1996

Date: Thu, 21 Nov 1996 18:15:02 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: proven@cygnus.com
Cc: Mark Eichin <eichin@MIT.EDU>, krb5-bugs@MIT.EDU, krbdev@MIT.EDU
In-Reply-To: Christopher Provenzano's message of Wed, 20 Nov 1996 22:19:16
	-0500, <199611210319.WAA00865@qed.proven.org>

   Date: Wed, 20 Nov 1996 22:19:16 -0500
   From: Christopher Provenzano <proven@proven.org>

   > Which reminds me -- I filed an MIT pr on this, I think, but it should
   > probably be discussed -- any good reason that the stash file isn't
   > just a normal keytab? (stash files have a number of evil properties,
   > such as host-dependence...)

I think we should; it's a good long-term thing to do.

   Having it as a keytab is better if the key is actually stored in the
   database. I don't see why we are bothering to store it in the database
   though.

I don't see why it matters whether or not it is stored in the database,
except for the side issue that we know how to name the master key
(i.e. K/M@REALM).

It's stored there mostly for historical reasons, although the database
fields for the master key are significant --- they're the default values
when creating a new principal.  It's also useful for verifying that you
have the correct master key (since the master key is encrypted in
itself), and this probably also makes it useful if you're trying to
brute-force break the master key.  :-)

						- Ted
