[39452] in Kerberos


Shell start script for krb5kdc/kadmind with prompt for K/M passphrase

daemon@ATHENA.MIT.EDU (Stefan Hartmann)
Mon Sep 16 12:53:48 2024

Message-ID: <120e2c25-3ed8-4def-bde0-32701d4c315b@hafenthal.de>
Date: Mon, 16 Sep 2024 18:51:59 +0200
To: kerberos@mit.edu
From: Stefan Hartmann <stefanh@hafenthal.de>

Hello,

Does anyone have a SysV-init or OpenRC start script for the krb5kdc/kadmind 
daemons that prompts during the startup phase for manual input of the K/M 
passphrase? Or, as an enhancement, one that uses OpenSC pkcs15 to input a PIN, 
decrypt, and provide the passphrase to the daemon?

I know the options -m and -n, but my testing was not successful with, e.g., 
start-stop-daemon.

I didn't find anything on the web, therefore my request.

I don't use systemd - I use Devuan or Alpine Linux, hence SysV-init or 
OpenRC.

NB: my krb5kdcs/kadminds with LDAP backend have run for years with encrypted 
/var/lib partitions, but now I will only encrypt the long-time keys - 
Keep it Simple.


Thanks,
Stefan Hartmann - ib.hafenthal.de


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
