hardware recommendation to run MIT KDC

John Hascall john at iastate.edu
Wed Aug 29 17:12:09 EDT 2007


> When I ran the KDCs here, I always configured them with no paging  
> space, the better to quantify the impact of a hypothetical theft of  
> the machine.

Was your concern that there might have been a swap-out
during a period that kadmind held a password in cleartext
when setting a password?

Sounds like you were doing a lot of restarts so I'm guessing
you kept the master DB key stashed on disk (i.e., you weren't
worried about non-master-encrypted keys being swapped out).


[ASIDE]

Is anyone doing their master key on a thumb-drive-disk?
It's something I was looking at, but what I think I really
want is to take the master key (km) and xor it with a random
bit string (r1) to produce a second random bit string (r2)

   km ^ r1 = r2     (and thus, km = r1 ^ r2)

and to store r1 on a thumb-drive and r2 on a fixed drive
so that loss of either does not compromise the master key
(and modify all the master-key routines to read both files
and recompose the master key).

And then if/when kerberos reboots, the operations staff would
be prompted to insert the thumb drive, and then after the processes
start to remove it and return it to its place of safety.


John
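The two-share XOR split described in the aside, as an added illustration that is not part of the original post and not MIT Kerberos code. It assumes hypothetical stash file names (one on the removable drive, one on the fixed drive) and a constructed 32-byte key standing in for the master key; the only requirement it enforces is the one that makes the scheme work, namely that r1 comes from a CSPRNG so that either share on its own is uniformly random and independent of km.

```python
import os
import secrets
import tempfile

# Constructed sample key standing in for the KDC master key (km); a real
# master key is never hard-coded like this.
SAMPLE_MASTER_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings; a length mismatch is a hard error,
    because silently truncating would corrupt the recombined key."""
    if len(a) != len(b):
        raise ValueError("share lengths differ: %d vs %d" % (len(a), len(b)))
    return bytes(x ^ y for x, y in zip(a, b))


def split_master_key(km: bytes) -> tuple:
    """Return (r1, r2) such that km == r1 ^ r2.

    r1 is fresh output of the OS CSPRNG, so r1 alone carries no information
    about km, and r2 = km ^ r1 is a one-time-pad encryption of km under r1,
    so r2 alone carries none either. Loss of one share therefore does not
    expose the master key; loss of one share does make the key unrecoverable,
    so the shares need the same backup discipline as the original stash."""
    r1 = secrets.token_bytes(len(km))
    r2 = xor_bytes(km, r1)
    return r1, r2


def recombine(r1: bytes, r2: bytes) -> bytes:
    """km = r1 ^ r2 (XOR is its own inverse)."""
    return xor_bytes(r1, r2)


def write_share(path: str, share: bytes) -> None:
    # Owner-only permissions, like a conventional stash file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(share)


def read_share(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()


def load_master_key(thumb_share_path: str, fixed_share_path: str) -> bytes:
    """What the modified master-key routines would do at startup: read both
    share files and recompose km in memory. The recombined key exists only in
    process memory from this point on, which is where the no-swap concern
    from the thread applies."""
    return recombine(read_share(thumb_share_path), read_share(fixed_share_path))


def demo(km: bytes = SAMPLE_MASTER_KEY) -> dict:
    """Split km, stash the shares in two (hypothetical) locations, and recover it."""
    r1, r2 = split_master_key(km)
    with tempfile.TemporaryDirectory() as tmp:
        # Hypothetical paths: removable media for r1, fixed disk for r2.
        thumb_path = os.path.join(tmp, "k5.mkey.r1")
        fixed_path = os.path.join(tmp, "k5.mkey.r2")
        write_share(thumb_path, r1)
        write_share(fixed_path, r2)
        recovered = load_master_key(thumb_path, fixed_path)
    return {
        "recovered": recovered == km,
        "share_len": len(r1),
        # Each share differs from km (with overwhelming probability for a random r1).
        "shares_hide_key": r1 != km and r2 != km,
    }


if __name__ == "__main__":
    print(demo())
```

Once the processes have recombined km, removing the thumb drive protects the at-rest copy of r1 but not the running KDC: the full key is in kadmind/krb5kdc memory, which is exactly why the paging-space question earlier in the thread still matters for this design.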


