need project review

Jeffrey Hutzelman jhutz at cmu.edu
Mon Apr 7 15:03:47 EDT 2008


--On Monday, April 07, 2008 01:48:55 PM -0500 Will Fiveash 
<William.Fiveash at sun.com> wrote:

> On Fri, Apr 04, 2008 at 03:18:57PM -0500, Nicolas Williams wrote:
>> On Fri, Apr 04, 2008 at 03:00:41PM -0500, Nicolas Williams wrote:
>> > IMO we should deprecate stash files altogether.  That should make this
>> > issue go away -- what's the point of having a stash file if nothing
>> > will read it?
>>
>> I should clarify.  I think that the only thing that reads stash files
>> should be the tool that migrates them to keytab file entries.  That
>> could be built-in to krb5kdc and kadmind, or it could be a standalone
>> tool.  Either way the stash file should be read once, migrated, and
>> removed or ignored thereafter.
>
> The design does not auto-migrate the stash file to a keytab format.  The
> idea is that the KDC daemons will be able to read an older format stash
> file.  Only when the admin runs a kdb5_util command that modifies the
> masterkey stash will the format change (along with a new masterkey being
> stored).

This design really seems much more sane to me than the auto-upgrade Nico 
described.

> I'm assuming that the old masterkey does not need to be saved
> since this does not happen with the current stash code.

It doesn't happen currently, but I gather that one of the purposes of 
moving to keytabs as a storage mechanism is to allow more than one master 
key version to be stored, so that database entries do not all have to be 
reencrypted at once (possibly resulting in a service outage while the 
update occurs).  If that is the case, then it might be useful for the first 
update to preserve the old key.

-- Jeff
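As an added illustration of the multi-version master key storage Jeff describes above (this is not code from the thread or from MIT Kerberos): each database entry records the master key version (mkvno) it was encrypted under, old master keys are retained when a new one is added, and entries can be re-encrypted one at a time rather than all at once. The cipher is a SHA-256-based stand-in, not a Kerberos enctype, and the names are assumed for the example.

```python
# Added illustration, not krb5 code: a toy master-key table with several
# kvnos so entries under an older master key stay readable and migrate lazily.
import hashlib

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (stand-in for a real enctype): XOR with SHA-256 blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class MasterKeyTable:
    """Master keys indexed by kvno; the highest kvno is the current one."""

    def __init__(self, first_key: bytes):
        self.keys = {1: first_key}

    @property
    def current_kvno(self) -> int:
        return max(self.keys)

    def add_version(self, new_key: bytes) -> int:
        """Store a new master key but keep the old versions (the point Jeff raises)."""
        kvno = self.current_kvno + 1
        self.keys[kvno] = new_key
        return kvno

    def purge(self, kvno: int, entries: dict) -> None:
        """Refuse to drop a master key that some principal entry still needs."""
        if any(e["mkvno"] == kvno for e in entries.values()):
            raise ValueError(f"master key version {kvno} is still in use")
        del self.keys[kvno]

def encrypt_entry(mkt: MasterKeyTable, secret: bytes) -> dict:
    """Encrypt a principal's key under the current master key, recording its mkvno."""
    kvno = mkt.current_kvno
    return {"mkvno": kvno, "ct": _stream_xor(mkt.keys[kvno], secret)}

def decrypt_entry(mkt: MasterKeyTable, entry: dict) -> bytes:
    """Decrypt with whichever master key version the entry was written under."""
    return _stream_xor(mkt.keys[entry["mkvno"]], entry["ct"])

def rekey_entry(mkt: MasterKeyTable, entry: dict) -> dict:
    """Migrate one entry to the current master key; can be run one entry at a time."""
    return encrypt_entry(mkt, decrypt_entry(mkt, entry))

def stale_entries(mkt: MasterKeyTable, entries: dict) -> list:
    """Principals whose stored key is still under an older master key version."""
    return [p for p, e in entries.items() if e["mkvno"] != mkt.current_kvno]
```

Because the old key is kept, a KDC can keep serving every principal during the migration, and the old version can only be purged once no entry references it.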