>>>>> "gdt" == Greg Troxel <[EMAIL PROTECTED]> writes:

gdt> It's not clear that 'krb524d -m' is supposed to read the master key
gdt> from the keyboard, or if that is instruction to use the master key
gdt> rather than the keytab. However, it seems not right that one could
gdt> only use krb524d with a stash file. I would suggest that among all
gdt> the programs that need the master key, '-m' be uniformly treated as
gdt> reading the master key from the keyboard.

gdt> Here's my patch, which surely breaks those with stash files.

[...]

It would appear that your patch would force the master key to be read
from the keyboard, regardless of whether a stash file was intended. I
believe the intent of "-m" as opposed to "-k" is to cause the krb524d
to use the principal database instead of using a keytab.

Adding an additional flag to specify that the master key is to be read
from the keyboard might not be a bad idea, and the inability of krb524d
to read the master key from the keyboard is arguably a bug.

It's unfortunate that the "-m" flag means something different to the
krb524d than to krb5kdc, or to other KDC daemons. I might attribute
this discrepancy to the separate origin of krb524d, perhaps.

Does anyone else have opinions on whether "krb524d -m" should be
aligned with the other KDC daemons in terms of forcing it to read the
master key from the keyboard? The alternative would be to preserve the
"-m" flag with its current meaning, and to add an additional flag to
mean "read master key from keyboard".

---Tom
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
