Remembering Master Password

Jeffrey Hutzelman jhutz at cmu.edu
Wed Sep 27 14:10:39 EDT 2006



On Wednesday, September 27, 2006 08:52:52 AM -0700 "Henry B. Hotz" 
<hotz at jpl.nasa.gov> wrote:

> Heimdal uses a standard keytab file for the master password.  In
> Heimdal kadmin you can do:
>
> add -r M/K
> del_enc M/K <all encryption types except the one you want>
> ext_key -k <master key stash location> M/K
> delete M/K

You can, but if you do that multiple times, you'll end up with multiple 
keys with the same kvno.  Since Heimdal records for each record the version 
of the master key that was used to encrypt it (if any), it can handle 
multiple keys and do a gradual transition.  But that won't work if you keep 
reusing the same version.

Also, that's rather convoluted compared to

ktutil add -r -p M/K




