Shell start script for krb5kdc/kadmind with prompt for K/M passphrase from console or pkcs15 token via Opensc
    Stefan Hartmann 
    stefanh at hafenthal.de
       
    Mon Sep 16 12:51:59 EDT 2024
    
    
  
Hello,
does someone have a SysV-init or OpenRC start script for the krb5kdc/kadmind 
daemons which prompts during the starting phase for manual input of the K/M 
passphrase? Or, as an enhancement, uses OpenSC pkcs15 to input a PIN, decrypt 
and provide the passphrase to the daemon.
I know the options -m and -n, but my testing was not successful with e.g. 
start-stop-daemon.
I didn't find anything on the web, therefore my request.
I don't use systemd - I use Devuan or Alpine Linux, hence SysV-init or 
OpenRC.
NB: my krb5kdcs/kadminds with LDAP backend run for years with encrypted 
/var/lib partitions, but now I will only encrypt the long-time keys - 
Keep it Simple.
Thanks,
Stefan Hartmann - ib.hafenthal.de
    
    