Migrating from b6 to 1.3.1 (without the a master key phrase)

James kerberos at memberships.rfc527.org
Wed Nov 12 15:25:04 EST 2003


Hi!

We will shortly be addressing an upgrade issue similar to that raised
a year ago by Art Freeman on comp.protocols.kerberos:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=ldv7kj618mg.fsf%40saint-elmos-fire.mit.edu&rnum=9&prev=/groups%3Fq%3Dkerberos%2Bstash%2Bfile%26ie%3DUTF-8%26oe%3DUTF-8%26hl%3Den%26btnG%3DGoogle%2BSearch.

Art was not able to get the tools working correctly to extract
encrypted entries, and export to a new database.

We run b6, and are now about to upgrade to 1.3.1.
We also want to change encryption key (and type). (We do not have the
key phrase, just the stash file).

It looks as though the 1.3.1 kdb5_util may handle b6 formats, and may
allow us to re-encrypt and create a new stash file on the fly during a
dump operation.

  * Has there been any work recently that might address the issues Art
described?
  * Does this seem like the right way of going about it, or should we
be looking elsewhere? (Or believing the FAQ, and giving up on
changing the key :-()
  * Any gotchas/advice to offer?
  * Any tools that people have written if they couldn't make this
happen between kadmin and kdb5_util?

Thanks in advance,

J.

--
I'd rather write programs to write programs
than write programs.
    - Jon Bentley
------------------------------------------------


--
I'd rather write programs to write programs
than write programs.
    - Jon Bentley
------------------------------------------------






More information about the Kerberos mailing list