[OpenAFS] Any way to create srvtabs for use with kaserver...

Nathan Rawling nrawling@firedrake.net
Thu, 28 Feb 2002 10:23:05 -0500 (EST)


Keep in mind that, aside from fancy formatting, a srvtab (or keytab) is
basically a cleartext password in a file.

It is trivial to recover passwords from srvtabs with 'od', or at least,
such has been my experience.

The real advantage of srvtabs/keytabs is that you can store a number of
passwords in a file in a format that is easy to manage.

Nathan

On Thu, 28 Feb 2002, Marcus Watts wrote:

> Eric Knudstrup <eric@knudstrup.org> writes:
> > Subject: [OpenAFS] Any way to create srvtabs for use with kaserver...
> > Date: Thu, 28 Feb 2002 00:55:02 -0800 (PST)
> > 
> > without upgrading to Heimdal or MIT kdc (I have set up a system once like that
> > and decided I wanted to stay with the stock kaserver)?
> 
> Sure.  couple choices:
> (1) use some version of ksrvutil that asks for a password, and make
> sure you use the same (hopefully long random) password to make
> the principal using kas.
> 
> (2) build a copy of kaserver that understands "getkey", then write
> an application that calls "getkey" and saves the result in a
> srvtab.  Note: application must run on kdc, & this only works
> with empty instances
> 
> (3) write something that rummages through the kadatabase directly.
> doable, but messy.
> 
> (4) write a variation of "kpasswd" that resets the password to something
> random, then saves it into a file.  Generate the principal using
> kas, then use your utility.  The utility could also create the
> principal & set a random key all in one go.
> 
> (5) use kas to set the pw to a known value.  Then use the "stringtokey"
> function in kas to convert that same pw to a key.  Use perl to convert
> the key to a srvtab.
> 
> 			-Marcus Watts
> 			UM ITCS Umich Systems Group
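Added example, not part of the original thread: a Python sketch of the last step of option (5), writing a key into a srvtab, which also shows why the file has to be treated as a password. It assumes the classic Kerberos 4 srvtab record layout (three NUL-terminated strings, a 1-byte key version, then the 8-byte DES key); the function names are hypothetical, and the principal and key used with it are constructed sample values.

```python
import os
import stat

def pack_entry(service, instance, realm, kvno, key):
    """Build one srvtab record: service\\0 instance\\0 realm\\0 kvno(1) key(8)."""
    if len(key) != 8:
        raise ValueError("DES key must be exactly 8 bytes")
    if not 0 <= kvno <= 255:
        raise ValueError("kvno must fit in one byte")
    out = b""
    for field in (service, instance, realm):
        raw = field.encode("ascii")
        if b"\0" in raw:
            raise ValueError("NUL byte inside a name field")
        out += raw + b"\0"
    return out + bytes([kvno]) + key

def parse_srvtab(data):
    """Return [(service, instance, realm, kvno, key)]; the key comes back verbatim."""
    entries, pos = [], 0
    while pos < len(data):
        names = []
        for _ in range(3):
            end = data.find(b"\0", pos)
            if end < 0:
                raise ValueError("truncated name field")
            names.append(data[pos:end].decode("ascii"))
            pos = end + 1
        if pos + 9 > len(data):
            raise ValueError("truncated kvno/key")
        entries.append((names[0], names[1], names[2], data[pos], data[pos + 1:pos + 9]))
        pos += 9
    return entries

def write_srvtab(path, records):
    """Create the file owner-only (0600) and refuse to overwrite an existing one."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(b"".join(records))

def is_exposed(path):
    """True if group or other have any permission bit set on the srvtab."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
```

Nothing in the record is encrypted or hashed, so `parse_srvtab` returns exactly the key bytes that were written; file permissions are the only protection, which is what `is_exposed` checks.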