On Wednesday, January 10, 2007 02:16:53 PM -0500 Ken Hornstein <[EMAIL PROTECTED]> wrote:
>> In addition to needing to enter a passphrase to launch krb5kdc (with >> the -m option), it looks like kdb5_util will also need a passphrase, >> understandably. >> >> This means that the traditional cronjob-triggered kprop -> kpropd >> replication won't work either, right? > > Actually, it shouldn't need a passphrase; the dump files contain the > encrypted keys not the decrypted ones, and that's what kprop/kpropd > pass around. I thought that the MIT folks told me that they run without > a stash file, and I see they have three KDCs. I can't speak for current code, but several years ago we ran MIT KDC's with only the master having a stash file, and propagation worked just fine. -- Jeff ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
