On Sep 27, 2006, at 11:10 AM, Jeffrey Hutzelman wrote: > > > On Wednesday, September 27, 2006 08:52:52 AM -0700 "Henry B. Hotz" > <[EMAIL PROTECTED]> wrote: > >> Heimdal uses a standard keytab file for the master password. In >> Heimdal kadmin you can do: >> >> add -r M/K >> del_enc M/K <all encryption types except the one you want> mod --kvno==<desired next version #> M/K ;-) >> ext_key -k <master key stash location> M/K >> delete M/K > > You can, but if you do that multiple times, you'll end up with > multiple keys with the same kvno. Since Heimdal records for each > record the version of the master key that was used to encrypt it > (if any), it can handle multiple keys and do a gradual transition. > But that won't work if you keep reusing the same version. > > Also, that's rather convoluted compared to > > ktutil add -r -p M/K
So it is. You can't delete it from the master DB afterwards with ktutil, but I guess you're advocating just leaving it there so you don't have to track the version number yourself? ------------------------------------------------------------------------ ---- The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. [EMAIL PROTECTED], or [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
