"If you choose to install a stash file..."

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Jan 11 20:32:57 EST 2007


>Continuing on, when using a stash, kdb5_util will create a
>$DUMPFILE.dump_ok file, containing a single null byte.  But when run
>without a stash, the dump_ok file isn't created, probably because it
>couldn't verify that the file isn't corrupt.

I was curious about this, so I took a look at it.  The reason .dump_ok
isn't written is because the variable exit_status is incremented when the
master key isn't available.  But when the master key _is_ available,
no verification is done (other than on the master key itself).  So
it's not like there is some kind of corruption check that the master
key enables; all the entries (except for the master key) could be garbage
and having a stash file wouldn't help you.

--Ken



More information about the Kerberos mailing list