"If you choose to install a stash file..."
Jeff Blaine
jblaine at kickflop.net
Thu Jan 4 16:17:12 EST 2007
Thanks, Ken. That's what I assumed. Shouldn't that be
mentioned in the docs? Seems logical, especially after
the words "If you choose to..."
Ken Hornstein wrote:
>> http://web.mit.edu/Kerberos/krb5-1.5/krb5-1.5.1/doc/krb5-install/Create-the-Database.html#Create%20the%20Database
>>
>> "If you choose to install a stash file..."
>>
>> What if I don't? No explanation is given as to the alternative.
>
> Every time the KDC starts up, you have to type in the master key before
> the KDC process will start up. The stash file is a stored copy of the
> master key on-disk.
>
> (The master key is used to encrypt all of the keys in the KDC database,
> but doesn't actually get used for anything that appears on the wire).
>
> --Ken
More information about the Kerberos
mailing list