patch: make krb524d read master key from keyboard

Greg Troxel gdt at ir.bbn.com
Thu Apr 24 11:34:15 EDT 2003


I have the following patch (against 1.2.8) in my repository to enable
krb524d to take a master key from the command line.
This is of course not quite right since 'use master' and 'use master
from keyboard' are two different things.
Perhaps the master key code should try the stash file, and on failure
read from the keyboard.  Then all these switches could simply be
omitted. 

Do the assembled wizards think the right thing is adding a '-M' flag
to conditionalize the two added lines, so one can say '-m -M' to
indicate 'use master, and get it from the keyboard'?  Or something
else?

(I'm a believer in using a UPS instead of a stash file - only losing
once in 4 years - so the patch below works fine for me.  I realize it
isn't right for everyone.)


Index: src/krb524/krb524d.c
===================================================================
RCS file: /FOO-CVS/krb5/src/krb524/krb524d.c,v
retrieving revision 1.1.1.5
retrieving revision 1.4
diff -u -r1.1.1.5 -r1.4
--- src/krb524/krb524d.c	24 Apr 2003 15:01:22 -0000	1.1.1.5
+++ src/krb524/krb524d.c	24 Apr 2003 15:14:44 -0000	1.4
@@ -167,8 +167,11 @@
 
      if (use_keytab)
 	  init_keytab(context);
-     if (use_master)
+     if (use_master) {
+	  config_params.mkey_from_kbd = 1;
+	  config_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
 	  init_master(context, &config_params);
+     }
 
      memset((char *) &saddr, 0, sizeof(struct sockaddr_in));
      saddr.sin_family = AF_INET;
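Review bot: the two assignments added inside the `if (use_master)` block are unconditional, so every start with use_master set now has mkey_from_kbd = 1 and KADM5_CONFIG_MKEY_FROM_KBD in the mask before init_master() runs, and the hunk leaves no way to ask for the master key without the keyboard prompt. That conflates the two cases the message itself separates ('use master' versus 'use master from keyboard') and would leave a daemon started without a terminal, for example from a boot script, waiting on a prompt. Suggest guarding the two lines with a separate variable set by its own option (the '-M' proposed in the message), e.g. `if (use_master_kbd) { config_params.mkey_from_kbd = 1; config_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD; }`, and documenting the new option in the usage text, which this hunk does not touch.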

