keytab import
Jeffrey Hutzelman
jhutz at cmu.edu
Tue Apr 8 16:32:15 EDT 2008
--On Tuesday, April 08, 2008 12:11:54 PM -0700 "Henry B. Hotz"
<hotz at jpl.nasa.gov> wrote:
>
> On Apr 8, 2008, at 6:26 AM, krbdev-request at mit.edu wrote:
>
>> So the point is to store an mkey with the associated KNVO (this will
>> come in handy in a follow on project to support updating the master
>> key
>> and migrating KDB entries). That > 1 mkey can be stored in a keytab
>> is
>> a secondary point however I'm wondering if this feature could be put
>> to
>> good use in regards to dealing with a corrupted K/M princ, perhaps
>> allowing reconstruction of the princ using the keys in the keytab.
>> Other than that I'm not sure what purpose keeping the older mkeys in
>> the
>> keytab would serve.
>
> It would be nice if cross-realm keys could be imported/exchanged with
> keytab files. A keytab import capability has other possible uses. ;-)
Hm. I don't think this is really related to changing the stash file
format, but some form of keytab import does sound really useful.
-- Jeff
More information about the krbdev
mailing list