[19114] in Kerberos
patch: make krb524d read master key from keyboard
daemon@ATHENA.MIT.EDU (Greg Troxel)
Thu Apr 24 11:35:34 2003
To: kerberos@mit.edu
From: Greg Troxel <gdt@ir.bbn.com>
Date: 24 Apr 2003 11:34:15 -0400
Message-ID: <rmiy91zyknc.fsf@fnord.ir.bbn.com>

I have the following patch (against 1.2.8) in my repository to enable
krb524d to take a master key from the command line.

This is of course not quite right since 'use master' and 'use master
from keyboard' are two different things.

Perhaps the master key code should try the stash file, and on failure
read from the keyboard. Then all these switches could simply be
omitted.

Do the assembled wizards think the right thing is adding a '-M' flag
to conditionalize the two added lines, so one can say '-m -M' to
indicate 'use master, and get it from the keyboard'? Or something
else?

(I'm a believer in using a UPS instead of a stash file - only losing
once in 4 years - so the patch below works fine for me. I realize it
isn't right for everyone.)

Index: src/krb524/krb524d.c
===================================================================
RCS file: /FOO-CVS/krb5/src/krb524/krb524d.c,v
retrieving revision 1.1.1.5
retrieving revision 1.4
diff -u -r1.1.1.5 -r1.4
--- src/krb524/krb524d.c 24 Apr 2003 15:01:22 -0000 1.1.1.5
+++ src/krb524/krb524d.c 24 Apr 2003 15:14:44 -0000 1.4
@@ -167,8 +167,11 @@
if (use_keytab)
init_keytab(context);
- if (use_master)
+ if (use_master) {
+ config_params.mkey_from_kbd = 1;
+ config_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
init_master(context, &config_params);
+ }
memset((char *) &saddr, 0, sizeof(struct sockaddr_in));
saddr.sin_family = AF_INET;
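
Review bot: The two added assignments inside the if (use_master) block set config_params.mkey_from_kbd = 1 and OR in KADM5_CONFIG_MKEY_FROM_KBD unconditionally, so every run with use_master set will prompt for the master key and a stash file can no longer be selected from this code path. That removes unattended startup for sites that rely on the stash file, and it changes the meaning of an existing switch rather than adding a new one. Suggest guarding the two lines with a separate variable (for example a hypothetical mkey_from_kbd flag set by its own option) so that use_master alone keeps its current behaviour. Since init_master(context, &config_params) is now expected to read from a terminal, it is also worth confirming that this call happens while the process still has one attached, and the new behaviour should be documented alongside the option, which this patch does not touch.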