"If you choose to install a stash file..."
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Jan 10 14:16:53 EST 2007
>In addition to needing to enter a passphrase to launch krb5kdc (with
>the -m option), it looks like kdb5_util will also need a passphrase,
>understandably.
>
>This means that the traditional cronjob-triggered kprop -> kpropd
>replication won't work either, right?
Actually, it shouldn't need a passphrase; the dump files contain the
encrypted keys not the decrypted ones, and that's what kprop/kpropd
pass around. I thought that the MIT folks told me that they run without
a stash file, and I see they have three KDCs.
--Ken
More information about the Kerberos
mailing list