need project review
jhutz at cmu.edu
Mon Apr 7 15:03:47 EDT 2008
--On Monday, April 07, 2008 01:48:55 PM -0500 Will Fiveash
<William.Fiveash at sun.com> wrote:
> On Fri, Apr 04, 2008 at 03:18:57PM -0500, Nicolas Williams wrote:
>> On Fri, Apr 04, 2008 at 03:00:41PM -0500, Nicolas Williams wrote:
>> > IMO we should deprecate stash files altogether. That should make this
>> > issue go away -- what's the point of having a stash file if nothing
>> > will read it?
>> I should clarify. I think that the only thing that reads stash files
>> should be the tool that migrates them to keytab file entries. That
>> could be built-in to krb5kdc and kadmind, or it could be a standalone
>> tool. Either way the stash file should be read once, migrated, and
>> removed or ignored thereafter.
> The design does not auto-migrate the stash file to a keytab format. The
> idea is that the KDC daemons will be able to read an older format stash
> file. Only when the admin runs a kdb5_util command that modifies the
> masterkey stash will the format change (along with a new masterkey being

This design really seems much more sane to me than the auto-upgrade Nico

> I'm assuming that the old masterkey does not need to be saved
> since this does not happen with the current stash code.

It doesn't happen currently, but I gather that one of the purposes of
moving to keytabs as a storage mechanism is to allow more than one master
key version to be stored, so that database entries do not all have to be
reencrypted at once (possibly resulting in a service outage while the
update occurs). If that is the case, then it might be useful for the first
update to preserve the old key.