[16559] in Kerberos-V5-bugs
[krbdev.mit.edu #8913] Deleting master key principal entry shouldn't
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Jun 11 17:20:45 2020
From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
Message-ID: <rt-4.4.4-52594-1591910431-1812.8913-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8913":;
Date: Thu, 11 Jun 2020 17:20:31 -0400
Reply-To: rt-comment@krbdev.mit.edu
Thu Jun 11 17:20:31 2020: Request 8913 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: Deleting master key principal entry shouldn't be possible
Owner: Nobody
Requestors: ghudson@mit.edu
Status: open
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8913 >

Running "kadmin.local delprinc K/M" pretty much bricks a KDB. Authentication
will continue to work as long as the current krb5kdc process is running, but
essentially all admin operations will fail, and (short of writing custom code)
there does not seem to be any way to recover. In contrast, other admin
principals like krbtgt/REALM can simply be recreated with random keys.
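
A defensive wrapper for the failure described in the ticket, as an added example that is not part of the original message or of the krb5 code: it rejects a deletion request naming the master key principal before anything is passed to kadmin.local. The function names and the MKEY_NAME and KADMIN_LOCAL variables are hypothetical, and K/M is assumed to be the master key principal name, as in the report.

```shell
#!/bin/sh
# Added example: refuse to delete the KDB master key principal.
# Assumption: the master key principal is named K/M (the kdc.conf
# master_key_name default); set MKEY_NAME if the realm uses another name.
MKEY_NAME="${MKEY_NAME:-K/M}"
# Hypothetical override so the wrapper can be pointed at another binary.
KADMIN_LOCAL="${KADMIN_LOCAL:-kadmin.local}"

# is_master_key_princ PRINC
# Succeeds if PRINC, with any @REALM suffix stripped, equals the master
# key name. The realm is ignored on purpose: a K/M entry in any realm
# is treated as off limits.
is_master_key_princ() {
    imk_name=${1%@*}
    [ "$imk_name" = "$MKEY_NAME" ]
}

# guarded_delprinc PRINC...
# Checks every argument first and rejects the whole batch if any of them
# is the master key principal, so nothing is deleted on a bad request.
# kadmin's own confirmation prompt is kept (no -force).
guarded_delprinc() {
    [ "$#" -gt 0 ] || { echo "usage: guarded_delprinc PRINC..." >&2; return 2; }
    for gd_p in "$@"; do
        if is_master_key_princ "$gd_p"; then
            echo "refusing to delete master key principal: $gd_p" >&2
            return 1
        fi
    done
    for gd_p in "$@"; do
        "$KADMIN_LOCAL" -q "delprinc $gd_p" || return 1
    done
}
```

The wrapper only protects callers that go through it; a direct kadmin.local invocation is unaffected.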