[3936] in Kerberos
Re: What to do when you lose the Kerberos Master password
daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Tue Sep 27 14:38:19 1994
Date: Tue, 27 Sep 94 14:24:52 -0400
From: Jeffrey I. Schiller <jis@MIT.EDU>
To: axelstep@ifi.uio.no
Cc: kerberos@MIT.EDU
In-Reply-To: <369efg$1na@gymir.ifi.uio.no> (axelstep@ifi.uio.no)
Date: 27 Sep 1994 16:41:36 +0100
From: axelstep@ifi.uio.no (Axel-Stephane C. Smxrgrav)
Organization: Dept. of Informatics, University of Oslo, Norway
Sender: usenet@cam.ov.com
Before I started doing some experiments with my sample database, I
thought it was possible to change the master password by dumping the
database, initialize a new database, and then reload the dumpfile into
the new database. I just discovered that this is not possible,
probably because the keys in the dumpfile are encrypted in the old
master key, and not decrypted as I thought they were.
Yep, the keys in the dump file are encrypted.
Is there any way to install a new Kerberos master password when you
have lost the old one? One possibility is hacking kdb_util in order to
make it not ask for the old password, and fetch the key from the
master key store. Is there an _easier_ way out??
Do you have /.k which contains the Kerberos DES master key (i.e., the
output from running the master password through string-to-key())? It is
*not* possible to restore the master key from the "K.M" principal in
the database.
-Jeff
