On 2 December 2013 12:31, Russ Allbery <r...@debian.org> wrote: > It's never been clear to me why you would ever care to have a known master > key password, as opposed to just using kstash --random-key. The only > reason I can think of would be to recover the Kerberos KDC database when > you have a copy of the database but not the master key, but I'm not sure > why you would be in that state. It's just as easy to back up the master > key file along with the database. >
Yes, agreed. It seemed a good idea at the time... Maybe --random-key wasn't available when I initially wrote that stuff. Or maybe I just didn't know about it. -- Brian May <br...@microcomaustralia.com.au>