need project review
William.Fiveash at sun.com
Mon Apr 7 14:43:29 EDT 2008
On Fri, Apr 04, 2008 at 11:20:17AM -0400, Jeffrey Hutzelman wrote:
> --On Thursday, April 03, 2008 07:47:41 PM -0500 Will Fiveash
> <William.Fiveash at sun.com> wrote:
>> The KDC must be able to access the most recent master key in the
>> masterkey keytab given a principal name
> I'm afraid this doesn't make sense to me. What does a principal name have
> to do with retrieving the master key? While a copy of the master key is by
> convention stored in the KDB as the keys for a particular principal, and
> the same convention might be followed here, the master key does not have a
> "principal name".
As you point out, currently the masterkey in the stash file is the same
as the key associated with the K/M principal. Given krb5_kt_get_entry()
and krb5_kt_add_entry() will be used to access and modify the masterkey
keytab and require a principal argument, my thought is that the
krb5_db_def_fetch_mkey() and krb5_def_store_mkey() will use the K/M
principal name as the argument to the krb5_kt*_entry() functions.
> I think it is important that storing a new master key version be done
> safely, such that failure does not result in the old stash file being
> destroyed, even if it was old format. Further, it might be argued that
> attempting to add a new master key to an old-format stash file should
> result in a keytab containing both the previous key and the newly-added
How about I modify the design to create a temp masterkey keytab and then
move it to its standard filename?
> IMHO there needs to be a tool to convert back to the old stash format.
> Managing a transition is much harder when you can't back out the change if
> there is a problem.
Understand that I am not proposing that upgrading the KDC code will
automagically change the stash file format. The stash file format will
only be changed if the admin runs one of the kdb5_util commands that
overwrites the stash file. At that point the stash file format will
change to that of a keytab.
Note I'm assuming an admin will back up the stash file or know the
password used to generate the masterkey.
Sun Microsystems Inc.
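
The temp-file-then-move approach proposed in the message above, as an added C example that is not part of the original post or of the krb5 code base. `replace_file_atomically` is a hypothetical helper name, and it writes opaque bytes instead of going through the krb5_kt API; the point shown is that the existing stash file is untouched by any failure before the final rename().

```c
#define _POSIX_C_SOURCE 200809L   /* mkstemp, fsync, fchmod */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not a krb5 API. Returns 0 on success, -1 on failure;
 * on failure the file at `path` is exactly what it was before the call. */
int replace_file_atomically(const char *path, const void *buf, size_t len)
{
    char tmp[4096];
    const unsigned char *p = buf;
    int fd, n;

    /* Temp file lives beside the target so rename() stays on one filesystem. */
    n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    fd = mkstemp(tmp);                 /* exclusive create, unpredictable name */
    if (fd < 0)
        return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)   /* key material: owner only */
        goto fail;
    while (len > 0) {                  /* handle short writes and EINTR */
        ssize_t w = write(fd, p, len);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            goto fail;
        }
        p += w;
        len -= (size_t)w;
    }
    if (fsync(fd) != 0)                /* data on disk before it becomes visible */
        goto fail;
    n = close(fd);
    fd = -1;
    if (n != 0)
        goto fail;
    if (rename(tmp, path) == 0)        /* atomic swap: readers see old or new */
        return 0;
fail:
    if (fd >= 0)
        close(fd);
    unlink(tmp);                       /* never leave a stray partial copy */
    return -1;
}
```

A fully durable version would also fsync() the containing directory after the rename so the new directory entry survives a crash.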