Changing master key (Kerberos authentication server+LDAP database)
Simo Sorce
simo at redhat.com
Wed Jul 27 14:34:54 EDT 2011
On Wed, 2011-07-27 at 23:53 +0530, Anubha Gupta wrote:
> Thanks for the reply, Simo. But I don't see any stash file on my
> system. I'm using AIX Network Authentication Service (NAS, which is
> mapped to MIT Kerberos 1.6.3) as the authentication server and IBM DB2
> LDAP as the database server. I need to re-encrypt the database with a
> new master key, but I can't see a stash file on my system. I'm
> assuming the master key is stored on LDAP, not sure though. Any
> suggestions?
The MIT schema also has the attribute krbMkey defined, where
implementors can put the actual master keys instead of using the stash
file. IIRC this is not used by the standard LDAP driver but I guess AIX
may have custom modifications.
You may have more luck asking IBM I guess :)
Simo.
--
Simo Sorce * Red Hat, Inc * New York