"If you choose to install a stash file..."

Jeffrey Hutzelman jhutz at cmu.edu
Thu Jan 11 21:11:22 EST 2007



On Thursday, January 11, 2007 08:32:57 PM -0500 Ken Hornstein 
<kenh at cmf.nrl.navy.mil> wrote:

>> Continuing on, when using a stash, kdb5_util will create a
>> $DUMPFILE.dump_ok file, containing a single null byte.  But when run
>> without a stash, the dump_ok file isn't created, probably because it
>> couldn't verify that the file isn't corrupt.
>
> I was curious about this, so I took a look at it.  The reason .dump_ok
> isn't written is because the variable exit_status is incremented when the
> master key isn't available.  But when the master key _is_ available,
> no verification is done (other than on the master key itself).  So
> it's not like there is some kind of corruption check that the master
> key enables; all the entries (except for the master key) could be garbage
> and having a stash file wouldn't help you.

Right.  Note that having the master key has no effect on what sorts of 
checks you can perform on database integrity.  The _only_ thing it is used 
for is encrypting the _keys_ in the database.  And since those have no 
structure or meaning, you couldn't check them for validity anyway.

-- Jeff



More information about the Kerberos mailing list