[15896] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: Master key migration and the stash command

daemon@ATHENA.MIT.EDU (Will Fiveash)
Mon Jun 14 15:58:17 2010

Date: Mon, 14 Jun 2010 14:58:03 -0500
From: Will Fiveash <will.fiveash@oracle.com>
To: ghudson@mit.edu
Message-ID: <20100614195803.GA24535@sun.com>
Mail-Followup-To: ghudson@mit.edu, krbdev@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <200901281853.n0SIrEbx016384@outgoing.mit.edu>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Is this something that should be revisited for the 1.9 release?  Note
that the lack of a stash command in the kdb5_ldap_util is an issue for
some as well.

On Wed, Jan 28, 2009 at 01:53:14PM -0500, Greg Hudson wrote:
> Currently, "kdb5_util stash" does the following:
> 
>   1. Open the database (or fail out)
>   2. (If there is an existing stash file, read in the master key and
>      forget about it; this is odd but unimportant)
>   3. Prompt for the master key
>   4. Verify the entered key against the database (or fail out)
>   5. Write out the stash file
> 
> There are two issues here.  First, you can't stash the password before
> creating the database, which complicates the setup of slave DBs.
> Second, part of the master key migration project plan requires a "sync
> the stash" operation to update the stash file with all master keys.
> (http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration)
> 
> I was thinking of creating a "grand unified stash" command, which
> handles all of the use cases:
> 
>   * If there's a database but no valid stash file, prompt for the
>     master password, use it to retrieve all master keys, and write out
>     a stash file containing all master keys.
> 
>   * If there's a database and a valid stash file, use the stashed
>     master key to retrieve all DB master keys, and write out a stash
>     file containing all master keys.
> 
>   * If there's no database and no stash file, prompt for the master
>     password and stash it without verifying it.
> 
> Does this plan seem reasonable, or would people rather see separate
> kdb_util operations for "prompt and stash" and "update existing
> stash"?
> _______________________________________________
> krbdev mailing list             krbdev@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev

-- 
Will Fiveash
Oracle
Note my new work e-mail address: will.fiveash@oracle.com
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post