need project review

Jeffrey Hutzelman jhutz at
Fri Apr 4 11:20:17 EDT 2008

--On Thursday, April 03, 2008 07:47:41 PM -0500 Will Fiveash 
<William.Fiveash at> wrote:

> The KDC must be able to access the most recent master key in the
> masterkey keytab given a principal name

I'm afraid this doesn't make sense to me.  What does a principal name have 
to do with retrieving the master key?  While a copy of the master key is by 
convention stored in the KDB as the keys for a particular principal, and 
the same convention might be followed here, the master key does not have a 
"principal name".

I think it is important that storing a new master key version be done 
safely, such that failure does not result in the old stash file being 
destroyed, even if it was old format.  Further, it might be argued that 
attempting to add a new master key to an old-format stash file should 
result in a keytab containing both the previous key and the newly-added one.

IMHO there needs to be a tool to convert back to the old stash format. 
Managing a transition is much harder when you can't back out the change if 
there is a problem.

-- Jeff

More information about the krbdev mailing list