[ https://issues.apache.org/jira/browse/DIRKRB-20?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15010147#comment-15010147 ]
Xu Yaning commented on DIRKRB-20:
---------------------------------
A user's key should be encrypted with the server master key before being stored
in the backend. One problem is that the master's key is also stored in the
backend. To get its own key, the master has to decrypt the encrypted key with
its key. That's contradictory. Maybe we can store the master's key in memory?
> Encrypt user keys with server master key
> ----------------------------------------
>
> Key: DIRKRB-20
> URL: https://issues.apache.org/jira/browse/DIRKRB-20
> Project: Directory Kerberos
> Issue Type: New Feature
> Reporter: Enrique Rodriguez
> Assignee: Enrique Rodriguez
>
> User keys are currently stored in the DIT as plaintext keys, for example, in
> the krb5key. These keys should be encrypted with the server master key. The
> server master key should be stored in the Eve system partition.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
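
An added example, not part of the original thread or the project's code, of the arrangement discussed above: user keys are wrapped with a master key that exists only in process memory, so the backend holds ciphertext only. The class name, the map standing in for the DIT, the choice of AES-GCM and the constructed random keys are all assumptions; a real server would load the master key at startup from somewhere outside the backend.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class MasterKeyWrapDemo {   // hypothetical class, not Apache Directory code
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, byte[]> backend = new HashMap<>(); // stand-in for the DIT: wrapped keys only
    private final SecretKey masterKey;                           // held in memory, never written to the backend
    MasterKeyWrapDemo(SecretKey masterKey) { this.masterKey = masterKey; }
    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    void storeKey(String principal, byte[] userKey) throws GeneralSecurityException {
        byte[] iv = random(12);                                  // fresh nonce for every record
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, masterKey, new GCMParameterSpec(128, iv));
        c.updateAAD(principal.getBytes(StandardCharsets.UTF_8)); // bind the record to its principal
        byte[] ct = c.doFinal(userKey);
        byte[] rec = Arrays.copyOf(iv, iv.length + ct.length);   // record layout: iv || ciphertext || tag
        System.arraycopy(ct, 0, rec, iv.length, ct.length);
        backend.put(principal, rec);
    }

    byte[] loadKey(String principal) throws GeneralSecurityException {
        byte[] rec = backend.get(principal);
        if (rec == null) throw new IllegalArgumentException("unknown principal: " + principal);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, masterKey, new GCMParameterSpec(128, rec, 0, 12));
        c.updateAAD(principal.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(rec, 12, rec.length - 12);              // fails if the record was altered or moved
    }

    public static void main(String[] args) throws GeneralSecurityException {
        MasterKeyWrapDemo kdc = new MasterKeyWrapDemo(new SecretKeySpec(random(32), "AES")); // constructed master key
        byte[] userKey = random(16);                             // constructed user key
        kdc.storeKey("alice@EXAMPLE.COM", userKey);
        System.out.println("round trip ok: " + Arrays.equals(userKey, kdc.loadKey("alice@EXAMPLE.COM")));
        // Copying alice's record under another principal must not decrypt.
        kdc.backend.put("bob@EXAMPLE.COM", kdc.backend.get("alice@EXAMPLE.COM"));
        try { kdc.loadKey("bob@EXAMPLE.COM"); } catch (AEADBadTagException e) { System.out.println("record swap rejected"); }
    }
}
```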