On Sep 27, 2006, at 1:38 PM, Jeffrey Hutzelman wrote:
>
> On Wednesday, September 27, 2006 01:26:22 PM -0700 "Henry B. Hotz"
> <[EMAIL PROTECTED]> wrote:
>>
>> On Sep 27, 2006, at 11:10 AM, Jeffrey Hutzelman wrote:
>>>
>>> On Wednesday, September 27, 2006 08:52:52 AM -0700 "Henry B. Hotz"
>>> <[EMAIL PROTECTED]> wrote:
>>>
>>>> Heimdal uses a standard keytab file for the master password. In
>>>> Heimdal kadmin you can do:
>>>>
>>>> add -r M/K
>>>> del_enc M/K <all encryption types except the one you want>
>> mod --kvno==<desired next version #> M/K ;-)
>>>> ext_key -k <master key stash location> M/K
>>>> delete M/K
>>>
>>> You can, but if you do that multiple times, you'll end up with
>>> multiple keys with the same kvno. Since Heimdal records for each
>>> record the version of the master key that was used to encrypt it
>>> (if any), it can handle multiple keys and do a gradual transition.
>>> But that won't work if you keep reusing the same version.
>>>
>>> Also, that's rather convoluted compared to
>>>
>>> ktutil add -r -p M/K
>>
>> So it is. You can't delete it from the master DB afterwards with
>> ktutil, but I guess you're advocating just leaving it there so you don't
>> have to track the version number yourself?
>
> 'ktutil add' doesn't talk to the server at all; it only manipulates
> the keytab. So, the entry never gets added to the database.

I stand corrected. change or get interact with kadmind.

I'm assuming from your omission that add will look at the existing
kvno's and create the next one?

----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos