"If you choose to install a stash file..."
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Jan 11 20:32:57 EST 2007
>Continuing on, when using a stash, kdb5_util will create a
>$DUMPFILE.dump_ok file, containing a single null byte. But when run
>without a stash, the dump_ok file isn't created, probably because it
>couldn't verify that the file isn't corrupt.
I was curious about this, so I took a look at it. The reason .dump_ok
isn't written is because the variable exit_status is incremented when the
master key isn't available. But when the master key _is_ available,
no verification is done (other than on the master key itself). So
it's not like there is some kind of corruption check that the master
key enables; all the entries (except for the master key) could be garbage
and having a stash file wouldn't help you.
--Ken
More information about the Kerberos
mailing list