Stupid question - master key

Tom Yu tlyu at MIT.EDU
Wed Aug 14 10:16:09 EDT 2002


>>>>> "raeburn" == Ken Raeburn <raeburn at MIT.EDU> writes:

raeburn> Leong Tim <timleong20 at yahoo.com> writes:
>> Is there any way to change or access your master key once you've
>> forgotten it?  Hypothetical question, I promise.  :-)

raeburn> If you put it in a "stash" file, yes, the key will still be there.  If
raeburn> you don't have a stash file, you need to know the password.

Also, if you have the stash file and want to change the master key to
something you know, it is possible to use the "-mkey_convert" flag to
the "kdb5_util dump" command in order to dump out the database with
all keys reencrypted in a new master key.  (You'll have to stash your
new master key after reloading the database.)  There is a serious bug
with this in the krb5-1.2.5 release, but an upcoming release will have
the fix.  If you're in a hurry, I can dig up the patch that fixes the
bug.

---Tom


