krb524d and reading master key from keyboard

Greg Troxel gdt at ir.bbn.com
Mon Aug 26 10:43:29 EDT 2002


I am using 1.2.6-beta1 on NetBSD.

My KDC doesn't use a stash file.  I can start up krb5kdc and kadmind
with -m just fine.  'krb524d -m' gave me
krb524d: Cannot find/read stored master key initializing kadm5 library

So, I patched the server to read the master key from the keyboard and
now it works (reads key, starts without complaint, krb524init got me a
v4 tgt from v5 tgt, app got me a service ticket which was accepted by
the server).

It's not clear that 'krb524d -m' is supposed to read the master key
from the keyboard, or if that is instruction to use the master key
rather than the keytab.  However, it seems not right that one could
only use krb524d with a stash file.  I would suggest that among all
the programs that need the master key, '-m' be uniformly treated as
reading the master key from the keyboard.

Here's my patch, which surely breaks those with stash files.

Index: krb524d.c
===================================================================
RCS file: /IR-CVS/krb5/src/krb524/krb524d.c,v
retrieving revision 1.1.1.3
retrieving revision 1.2
diff -u -r1.1.1.3 -r1.2
--- krb524d.c	20 Aug 2002 15:32:07 -0000	1.1.1.3
+++ krb524d.c	26 Aug 2002 14:27:32 -0000	1.2
@@ -134,9 +134,11 @@
 
      if (use_keytab)
 	  init_keytab(context);
-     if (use_master)
+     if (use_master) {
+	  config_params.mkey_from_kbd = 1;
+	  config_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
 	  init_master(context, &config_params);
-
+     }
      memset((char *) &saddr, 0, sizeof(struct sockaddr_in));
      saddr.sin_family = AF_INET;
      saddr.sin_addr.s_addr = INADDR_ANY;
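
Review bot: in the use_master branch, mkey_from_kbd is set to 1 and KADM5_CONFIG_MKEY_FROM_KBD is OR-ed into config_params.mask unconditionally, so every 'krb524d -m' start asks for the master key from the keyboard, and a site that relies on a stash file can no longer start the daemon unattended. Gate the two assignments on a separate option, or request the keyboard prompt only when the stored key cannot be read, so that -m keeps its current behaviour for stash-file sites. The blank line that separated this block from the memset of saddr is also dropped; keep one after the closing brace.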


