On Wednesday, September 27, 2006 01:26:22 PM -0700 "Henry B. Hotz" <[EMAIL PROTECTED]> wrote:
>
> On Sep 27, 2006, at 11:10 AM, Jeffrey Hutzelman wrote:
>
>>
>> On Wednesday, September 27, 2006 08:52:52 AM -0700 "Henry B. Hotz"
>> <[EMAIL PROTECTED]> wrote:
>>
>>> Heimdal uses a standard keytab file for the master password. In
>>> Heimdal kadmin you can do:
>>>
>>> add -r M/K
>>> del_enc M/K <all encryption types except the one you want>
> mod --kvno==<desired next version #> M/K ;-)
>>> ext_key -k <master key stash location> M/K
>>> delete M/K
>>
>> You can, but if you do that multiple times, you'll end up with
>> multiple keys with the same kvno. Since Heimdal records for each
>> record the version of the master key that was used to encrypt it
>> (if any), it can handle multiple keys and do a gradual transition.
>> But that won't work if you keep reusing the same version.
>>
>> Also, that's rather convoluted compared to
>>
>> ktutil add -r -p M/K
>
> So it is. You can't delete it from the master DB afterwards with
> ktutil, but I guess you're advocating just leaving it there so you don't
> have to track the version number yourself?

'ktutil add' doesn't talk to the server at all; it only manipulates the keytab. So, the entry never gets added to the database.

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
