[3932] in Kerberos
What to do when you lose the Kerberos Master password
daemon@ATHENA.MIT.EDU (Axel-Stephane C. Smxrgrav)
Tue Sep 27 13:51:23 1994
To: kerberos@MIT.EDU
Date: 27 Sep 1994 16:41:36 +0100
From: axelstep@ifi.uio.no (Axel-Stephane C. Smxrgrav)
Before I started doing some experiments with my sample database, I
thought it was possible to change the master password by dumping the
database, initialize a new database, and then reload the dumpfile into
the new database. I just discovered that this is not possible,
probably because the keys in the dumpfile are encrypted in the old
master key, and not decrypted as I thought they were.
Then of course, if you try the new_master_key option of kdb_util (I am
talking about KRB 4), you are prompted for the old master password,
which you have forgotten.
Is there any way to install a new Kerberos master password when you
have lost the old one? One possibility is hacking kdb_util in order to
make it not ask for the old password, and fetch the key from the
master key store. Is there an _easier_ way out??
-ascs
