Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Stashing the Master Key
The kdb_stash utility stores the master key, which is the encrypted master
password, in a disk file called a stash file. The utility runs on the
primary and secondary security servers. You must specify the same key type
and master password that you specified when you created the database.
NOTE: If you used the kdb_create -s utility to create your database, you
already have a stash file.
Storing the password in a disk file may allow an intruder to gain access
to the principal database. Secure the file carefully.
The general syntax of the kdb_stash utility is:
kdb_stash [-e enctype] [-f keyfile] [-M mkeyname] [-r REALM]
The kdb_stash utility uses the following options:
-e enctype
    Specifies the encryption type to be used to generate the master key.
    The type you specify must be the same as the type you specified when
    you created the database. The three supported encryption types are:
    • DES-CRC or 1: DES-CBC-CRC
    • DES-MD5 or 3: DES-CBC-MD5
    • 3DES or 5: DES-CBC-MD5 (default)

-f keyfile
    Stashes the key in an alternate key file named keyfile. If you do not
    use the -f switch, the default is .k5.REALM.

-M mkeyname
    Specifies an alternate primary principal name. The default primary
    principal name is K/M@REALM.

-r REALM
    Stashes the principal database key for the realm REALM. By default,
    kdb_stash uses the realm defined in the krb.conf file. If the file
    does not exist, the command uses the uppercase equivalent of the
    domain name.
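
One way to act on the advice to secure the stash file is to audit its ownership and permissions after running kdb_stash. The script below is an added example, not part of the HP documentation; the function name check_stash_file, the root-ownership default and the specific checks are assumptions, and the stash file path must be passed in because this page does not state the directory that holds it.

```shell
#!/bin/sh
# Added example: audit ownership and permissions of a Kerberos stash file.
# Usage: sh check_stash.sh /path/to/stashfile [expected_owner_uid]
# The path is always supplied by the caller; this page names the default
# file (.k5.REALM) but not the directory that holds it.

check_stash_file() {
    f=$1
    want_uid=${2:-0}   # assumption: the stash file should be owned by root
    rc=0

    # A symlink could redirect the reader to a file elsewhere on disk.
    if [ -h "$f" ]; then echo "FAIL: $f is a symbolic link"; return 1; fi
    if [ ! -f "$f" ]; then echo "FAIL: $f is not a regular file"; return 1; fi

    # ls -n prints numeric ids: field 1 is the mode string, field 3 the uid.
    mode=$(ls -ldn -- "$f" | awk '{print $1}')
    uid=$(ls -ldn -- "$f" | awk '{print $3}')

    # Characters 5-10 of the mode string are the group and other bits.
    case $mode in
        ????------*) ;;
        *) echo "FAIL: $f mode $mode grants group/other access"; rc=1 ;;
    esac
    # A trailing + means extra ACL entries that the mode bits do not show.
    case $mode in
        *+) echo "FAIL: $f has ACL entries; review them"; rc=1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $f owned by uid $uid, expected $want_uid"; rc=1
    fi

    # A directory writable by group/other lets them replace the file.
    dmode=$(ls -ldn -- "$(dirname "$f")" | awk '{print $1}')
    case $dmode in
        ?????w*|????????w*)
            echo "FAIL: parent directory mode $dmode is group/other writable"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $f ($mode, uid $uid)"
    return "$rc"
}

if [ $# -gt 0 ]; then check_stash_file "$@"; fi
```

The function returns 0 only when every check passes, so it can be run from a periodic job on the primary and secondary security servers and alerted on when it exits non-zero.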