[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MIT & Heimdal playing together?

To: ms419@freezone.co.uk
Subject: Re: MIT & Heimdal playing together?
From: Benjamin P Myers <dative@sukrahelitek.com>
Date: Mon, 18 Oct 2004 15:28:56 -0500
Cc: heimdal-discuss@sics.se
In-Reply-To: <7B7B08D4-2085-11D9-9756-0003931DA24A@freezone.co.uk>
References: <B602530A-156B-11D9-A1A4-0003931DA24A@freezone.co.uk> <200410081248.29682.dative@sukrahelitek.com> <7B7B08D4-2085-11D9-9756-0003931DA24A@freezone.co.uk>
Sender: owner-heimdal-discuss@sics.se
User-Agent: KMail/1.4.3

On Sunday 17 October 2004 04:42 pm, ms419@freezone.co.uk wrote:
> 	fis:~# kstash
> 	Master key:
> 	Verifying - Master key:
> 	kstash: writing key to `/var/lib/heimdal-kdc/m-key'
> 	fis:~# ssh tor kdb5_util dump -b7 > datatrans
> 	root@tor's password:
> 	fis:~# scp tor:/etc/krb5kdc/stash .
> 	root@tor's password:
> 	fis:~# hprop -m stash -d datatrans --source=mit-dump -n | hpropd -n

Hmm.  Could you try
 'hprop -m stash -d datatrans --source=mit-dump --decrypt -n'?

You might then be able to worry about re-encrypting with a different master 
key in a later step.  In my recollection, I copied my mit kdc's master key to 
/var/heimdal/m-key directly, used hprop to do the decryption, deleted the 
master key once I was done, and didn't use kstash at all.  Unfortunately, I 
don't remember the exact arguments to hprop that made it work.  

Good Luck,
Ben

Follow-Ups:
- Re: MIT & Heimdal playing together?
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

References:
- MIT & Heimdal playing together?
  - From: ms419@freezone.co.uk
- Re: MIT & Heimdal playing together?
  - From: Benjamin P Myers <dative@sukrahelitek.com>
- Re: MIT & Heimdal playing together?
  - From: ms419@freezone.co.uk

Prev by Date: [PATCH] reauth functionality for kinit
Next by Date: Re: MIT & Heimdal playing together?
Prev by thread: Re: MIT & Heimdal playing together?
Next by thread: Re: MIT & Heimdal playing together?
Index(es):
- Date
- Thread