Kerberos Server Version 3.12 Administrator's Guide: HP-UX 11i v3 > Chapter 8 Administering the Kerberos Server

Stashing the Master Key


The kdb_stash utility stores the master key (the encrypted master password) in a stash file. This utility runs on the primary and secondary security servers. You must specify the same key type and master password that you specified when you created the database.

NOTE: If you have used the kdb_create -s utility while creating your database, you already have a stash file.

Storing the password in a disk file may allow an intruder to gain access to the principal database. Therefore, secure the file carefully.

The general syntax for stashing the master key is as follows:

kdb_stash [-e enctype] [-f keyfile] [-M mkeyname] [-r REALM]

The kdb_stash utility uses the following options:

-e enctype

Specifies the encryption type to be used to generate the master key. The type you specify must be the same as the type you specified while creating the database. Following are the encryption types that are supported:

  • 3DES or 5: DES-CBC-MD5 (default)

  • DES-MD5 or 3: DES-CBC-MD5

  • DES-CRC or 1: DES-CBC-CRC

-f keyfile

Stashes the key in an alternate key file named keyfile. If you do not use the -f switch, the default keyfile is .k5.REALM.

-M mkeyname

Specifies an alternate for the primary principal name. The default primary principal name is K/M@REALM.

-r REALM

Stashes the principal database key for the realm REALM. By default, kdb_stash uses the realm defined in the krb.conf file. If the file does not exist, the command uses the uppercase equivalent of the domain name.

Following is an example of using kdb_stash:

shell% kdb_stash -f <filename>
Enter password: <password>
Re-enter password for verification: <password>
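
The guide advises securing the stash file carefully. One way to check that after running kdb_stash, as an added example that is not part of the HP guide: a shell function that rejects a stash file that is a symbolic link, is accessible to group or other, or is not owned by the expected user. The function name, the uid 0 default, and the placeholder path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: audit the permissions of a Kerberos master key stash file.
# The path is supplied by the caller; no default directory is assumed.
# Hypothetical usage: check_stash_file /path/to/.k5.REALM

# check_stash_file PATH [EXPECTED_UID]
# Returns 0 if the file passes, 1 if a problem was found, 2 on usage error.
check_stash_file() {
    stash=$1
    want_uid=${2:-0}   # assumption: the stash file should belong to root

    [ -n "$stash" ] || { echo "usage: check_stash_file PATH [UID]" >&2; return 2; }

    # Reject symbolic links: the key could live somewhere less protected.
    if [ -h "$stash" ]; then
        echo "FAIL: $stash is a symbolic link" >&2; return 1
    fi
    if [ ! -f "$stash" ]; then
        echo "FAIL: $stash is not a regular file" >&2; return 1
    fi

    # ls -ldn prints the mode string and the numeric owner id, and is
    # available on HP-UX and other POSIX systems, unlike stat(1).
    set -- $(ls -ldn "$stash")
    mode=$1
    uid=$3

    rc=0
    # Characters 5-10 of the mode string are the group and other bits.
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $stash is accessible to group/other ($mode)" >&2; rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $stash is owned by uid $uid, expected $want_uid" >&2; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $stash ($mode, uid $uid)"
    return $rc
}
```
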
© 2007 Hewlett-Packard Development Company, L.P.