On 3/14/2017 3:57 PM, Nico Williams wrote:
> On Tue, Mar 14, 2017 at 03:54:36PM -0700, Adam Lewenberg wrote:
>> If you use a master key and you back up all your files _except_ the master
>> key to some remote location, wouldn't that suffice to protect the database
>> in that remote location?
> No. The p
On Tue, Mar 14, 2017 at 03:54:36PM -0700, Adam Lewenberg wrote:
> If you use a master key and you back up all your files _except_ the master
> key to some remote location, wouldn't that suffice to protect the database
> in that remote location?
No. The problem is that the master key is not used t
On 3/14/2017 12:54 PM, Nico Williams wrote:
> On Tue, Mar 14, 2017 at 12:32:10PM -0700, Russ Allbery wrote:
>> "Henry B (Hank) Hotz, CISSP" writes:
>>> Shut down all daemons on the master.
>>> hprop --decrypt --stdout | hpropd --stdin
>>> Restart all daemons.
>> You probably also want to shut down incre
On Tue, Mar 14, 2017 at 06:41:06PM -0400, Jeffrey Hutzelman wrote:
> On March 14, 2017 6:32:13 PM EDT, Nico Williams wrote:
> >On Tue, Mar 14, 2017 at 03:26:57PM -0700, Henry B (Hank) Hotz, CISSP
> >wrote:
> >> Probably, but encrypting the key material separately doesn’t seem
> >like a bad thing.
On March 14, 2017 6:32:13 PM EDT, Nico Williams wrote:
>On Tue, Mar 14, 2017 at 03:26:57PM -0700, Henry B (Hank) Hotz, CISSP
>wrote:
>> Probably, but encrypting the key material separately doesn’t seem
>like a bad thing.
>
>It's a waste of CPU cycles. It adds no real protection _by itself_
>unles
On Tue, Mar 14, 2017 at 03:26:57PM -0700, Henry B (Hank) Hotz, CISSP wrote:
> > On Mar 14, 2017, at 12:54 PM, Nico Williams wrote:
> > Good point, but actually restarting the daemons does not force a full
> > resync. You have to remove the iprop log file (on the master and/or the
> > slaves -- ei
> On Mar 14, 2017, at 12:54 PM, Nico Williams wrote:
>
> On Tue, Mar 14, 2017 at 12:32:10PM -0700, Russ Allbery wrote:
>> "Henry B (Hank) Hotz, CISSP" writes:
>>> Shut down all daemons on the master.
>>
>>> hprop --decrypt --stdout | hpropd --stdin
>>
>>> Restart all daemons.
>>
>> You proba
On Tue, Mar 14, 2017 at 12:32:10PM -0700, Russ Allbery wrote:
> "Henry B (Hank) Hotz, CISSP" writes:
> > Shut down all daemons on the master.
>
> > hprop --decrypt --stdout | hpropd --stdin
>
> > Restart all daemons.
>
> You probably also want to shut down incremental propagation while you do
>
"Henry B (Hank) Hotz, CISSP" writes:
> Shut down all daemons on the master.
> hprop --decrypt --stdout | hpropd --stdin
> Restart all daemons.
You probably also want to shut down incremental propagation while you do
this. I think this should force a full resync when the slaves reconnect,
but
https://www.mail-archive.com/heimdal-discuss@sics.se/msg00334.html
There’s also a long, historically-interesting, thread on migrating from MIT
that includes an example.
> On Mar 14, 2017, at 11:51 AM, Henry B (Hank) Hotz, CISSP
> wrote:
>
>> On Mar 14, 2017, at 9:43 AM, Adam Lewenberg wrote:
How’s the contract coming?
> On Mar 14, 2017, at 9:43 AM, Adam Lewenberg wrote:
>
> How do I re-encrypt the entries of the Heimdal KDC database if I want to
> change its master key?
Shut down all daemons on the master.
hprop --decrypt --stdout | hpropd --stdin
Restart all daemons.
That’s fr
How do I re-encrypt the entries of the Heimdal KDC database if I want to
change its master key?