[OpenAFS] Any way to create srvtabs for use with kaserver...
Nathan Rawling
nrawling@firedrake.net
Thu, 28 Feb 2002 10:23:05 -0500 (EST)
Keep in mind that, aside from fancy formatting, a srvtab (or keytab) is
basically a cleartext password in a file.
It is trivial to recover passwords from srvtabs with 'od', or at least,
such has been my experience.
The real advantage of srvtabs/keytabs is that you can store a number of
passwords in a file in a format that is easy to manage.
Nathan
On Thu, 28 Feb 2002, Marcus Watts wrote:
> Eric Knudstrup <eric@knudstrup.org> writes:
> > Subject: [OpenAFS] Any way to create srvtabs for use with kaserver...
> > Date: Thu, 28 Feb 2002 00:55:02 -0800 (PST)
> >
> > without upgrading to Heimdal or MIT kdc (I have set up a system once like that
> > and decided I wanted to stay with the stock kaserver)?
>
> Sure. Couple choices:
> (1) use some version of ksrvutil that asks for a password, and make
> sure you use the same (hopefully long random) password to make
> the principal using kas.
>
> (2) build a copy of kaserver that understands "getkey", then write
> an application that calls "getkey" and saves the result in a
> srvtab. Note: application must run on kdc, & this only works
> with empty instances
>
> (3) write something that rummages through the kadatabase directly.
> doable, but messy.
>
> (4) write a variation of "kpasswd" that resets the password to something
> random, then saves it into a file. Generate the principal using
> kas, then use your utility. The utility could also create the
> principal & set a random key all in one go.
>
> (5) use kas to set the pw to a known value. Then use the "stringtokey"
> function in kas to convert that same pw to a key. Use perl to convert
> the key to a srvtab.
>
> -Marcus Watts
> UM ITCS Umich Systems Group
>
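An added example, not part of the original messages: a srvtab entry holds the raw key with no wrapping, so an audit should list principals without ever printing the key and should flag any file readable beyond its owner. It assumes the Kerberos 4 srvtab layout (service, instance and realm as NUL-terminated strings, a one-byte kvno, an 8-byte DES key); the function names, the `EXAMPLE.ORG` realm and the sample key are constructed for illustration.

```python
import os
import stat
import tempfile

KEY_LEN = 8  # a Kerberos 4 srvtab entry carries one single-DES key


def pack_entry(service, instance, realm, kvno, key):
    """One entry: three NUL-terminated names, a 1-byte kvno, the raw key."""
    if len(key) != KEY_LEN or not 0 <= kvno <= 255:
        raise ValueError("need an 8-byte key and a kvno in 0..255")
    names = (service, instance, realm)
    return b"".join(n.encode("ascii") + b"\0" for n in names) + bytes([kvno]) + key


def parse_srvtab(data):
    """Return a (service, instance, realm, kvno, key) tuple per entry."""
    entries, pos = [], 0
    while pos < len(data):
        names = []
        for _ in range(3):
            end = data.index(b"\0", pos)  # ValueError if a name is truncated
            names.append(data[pos:end].decode("ascii"))
            pos = end + 1
        if len(data) - pos < 1 + KEY_LEN:
            raise ValueError("truncated srvtab entry")
        entries.append((*names, data[pos], data[pos + 1:pos + 1 + KEY_LEN]))
        pos += 1 + KEY_LEN
    return entries


def audit_srvtab(path):
    """List principals and kvnos (never the key); flag group/other access."""
    with open(path, "rb") as f:
        entries = parse_srvtab(f.read())
    names = [f"{s}.{i}@{r}" if i else f"{s}@{r}" for s, i, r, _, _ in entries]
    loose = bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
    return names, [k for _, _, _, k, _ in entries], loose


def demo():
    key = bytes.fromhex("0123456789abcdef")  # constructed sample key
    path = os.path.join(tempfile.mkdtemp(), "srvtab")
    # Create the file 0600 from the start so the key is never world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(pack_entry("rcmd", "", "EXAMPLE.ORG", 1, key))
    return audit_srvtab(path)
```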