[1271] in Kerberos
srvtab on client machines
daemon@ATHENA.MIT.EDU (qjb@ATHENA.MIT.EDU)
Fri Mar 1 20:19:18 1991
From: qjb@ATHENA.MIT.EDU
Date: Fri, 1 Mar 91 16:46:39 -0500
To: "Galina Kofman" <GALINA@IBM.COM>
Cc: tytso@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU
> So, how does Athena distribute srvtab files?
>
> We send the files over encrypted somehow. ...
Actually, we often don't bother sending the srvtab over
encrypted at all. We often simply copy the srvtab into a
protect filesystem and copy it to the machine all in the clear.
Then, once it's there, we run
krsvutil change
to change the keys via the admin protocol. This is analogous to
giving a user an initial password and telling him/her to change
it immediately.
As you can imagine, there are quite a number of ways of doing
this. I wrote a fairly program to generate srvtabs on the
server machine directly via the admin protocol. The kerberos
admin logs into the server (presumably physically at the
machine), and types his admin password to this client which then
uses the admin protocol to create new principals with random
keys and write them into a srvtab file in the correct format.
This program is not in the kerberos release because I wrote it
after development on kerberos V had already started. If you are
interested in this utility, feel free to send me personal mail.
(I'm sure that if there is a problem with my giving it away,
someone on this end will tell me so... :-) )
Jay Berkenbilt
Project Athena