Changing master key (Kerberos authentication server+LDAP database)
Sonja Benz
sonja.benz at de.ibm.com
Thu Jul 28 02:00:03 EDT 2011
May be this link is a good starting point:
http://www.ibm.com/developerworks/aix/library/au-nasmasterldap/index.html
Sonja
From:
Simo Sorce <simo at redhat.com>
To:
Anubha Gupta <anuafs84 at gmail.com>
Cc:
kerberos at mit.edu
Date:
07/27/2011 09:24 PM
Subject:
Re: Changing master key (Kerberos authentication server+LDAP database)
Sent by:
kerberos-bounces at mit.edu
On Wed, 2011-07-27 at 23:53 +0530, Anubha Gupta wrote:
> Thank for the reply, Simo. But I don't see any stash file on my
> system. I'm using AIX Network Authentication Sevice (NAS, which is
> mapped to MIT Kerberos 1.6.3) as the authentication server and IBM DB2
> LDAP as the database server. I need to re-encrypt the database with a
> new master key, but I can't see a stash file on my system. I'm
> assuming the master key is stored on LDAP, not sure though. Any
> suggestions?
THe MIT schema has also the attribute krbMkey defined, where
implementors can put the actual master keys instead of using the stash
file. IIRc this is not used by the standard ldap driver but I guess AIX
may have custom modifications.
You may have more luck asking IBM I guess :)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list