Master key migration and the stash command
hartmans at MIT.EDU
Thu Jan 29 10:22:33 EST 2009
Your plan seems reasonable.
I'd ask that
1) If the stash command does not prompt for a password, it explain
why. I.E. print a message like "An existing stash file worked to
open the database; updating the stash file wih all master keys."
2) If the stash command is run, there is an existing stash file, and the stash file cannot decrypt the master key, then the user be prompted for a password.
3) It would be greate to see kdb5_util create take an option to use an
existing stash file . I don't think this need to be part of the
same work, but it would be nice if it was at least opened as an
enhancement request if people agree it is useful.
More information about the krbdev