On 07/17/2017 07:48 PM, Joshua Schaeffer wrote:
>> rc = krb5_db_get_principal(context, mname, 0, &master_entry);
>> if (rc == 0) {
>>     *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
>>     krb5_db
Hi guys,
Kind of a noob question, but here it goes.
When I export a principal's key to a keytab file using the following
command:
ktadd -k keytabfile service/host@REALM
(1) Does the keytabfile contain the key in encrypted form or as plaintext?
(2) Is it possible to export the key in encrypted fo
On 07/18/2017 12:48 PM, pratyush parimal wrote:
> When I export a principal's key to a keytab file using the following
> command:
>
> ktadd -k keytabfile service/host@REALM
>
> (1) Does the keytabfile contain the key in encrypted form or as plaintext?
The keytab file contains the actual keys, un
Greg Hudson writes:
> On 07/18/2017 12:48 PM, pratyush parimal wrote:
>> (2) Is it possible to export the key in encrypted form? If so, then how
>> does the service application open the encrypted keytab?
> The keytab file does not have any way to represent encrypted keys, and
> the kadmin protoc
Ah, I get it. It's much clearer now. Thanks guys!
On Jul 18, 2017 10:15 PM, "Russ Allbery" wrote:
> Greg Hudson writes:
> > On 07/18/2017 12:48 PM, pratyush parimal wrote:
>
> >> (2) Is it possible to export the key in encrypted form? If so, then how
> >> does the service application open the e
On 07/18/2017 09:50 AM, Greg Hudson wrote:
> The proximal bug is that master_entry->key_data is an array, bounded by
> master_entry->n_key_data, and this code isn't checking if
> master_entry->n_key_data > 0 before dereferencing the first element.
> You could fix that bug (set *kvno = 1 if n_key_da