need project review
jhutz at cmu.edu
Fri Apr 4 11:20:17 EDT 2008
--On Thursday, April 03, 2008 07:47:41 PM -0500 Will Fiveash
<William.Fiveash at sun.com> wrote:
> The KDC must be able to access the most recent master key in the
> masterkey keytab given a principal name
I'm afraid this doesn't make sense to me. What does a principal name have
to do with retrieving the master key? While a copy of the master key is by
convention stored in the KDB as the keys for a particular principal, and
the same convention might be followed here, the master key does not have a
I think it is important that storing a new master key version be done
safely, such that failure does not result in the old stash file being
destroyed, even if it was old format. Further, it might be argued that
attempting to add a new master key to an old-format stash file should
result in a keytab containing both the previous key and the newly-added one.
IMHO there needs to be a tool to convert back to the old stash format.
Managing a transition is much harder when you can't back out the change if
there is a problem.
More information about the krbdev