Chapter 6
Stashing the Master Key
The kdb_stash utility stores the master key, the encrypted master password, to a disk file. This utility runs on the primary and secondary security servers. Use the kdb_stash utility to store the master key to a stash file. You must specify the same key type and master password that you specified when you created the database.
If you have used the kdb_create -s utility to create your database, you already have a stash file.
NOTE
Storing the password in a disk file may allow an intruder to gain access to the principal database. Secure the file carefully.
The general syntax for this is:
kdb_stash [-e enctype] [-f keyfile] [-M mkeyname] [-r REALM]
The kdb_stash utility uses the following options:
-e enctype
Specifies the encryption type to be used to generate the master key. The type you specify must be the same as the type you have specified while creating the database. The three encryption types supported are:
DES-CRC or 1: DES-CBC-CRC
DES-MD5 or 3: DES-CBC-MD5
3DES or 5: DES-CBC-MD5 (default)
-f keyfile
Stashes the key in an alternate key file named keyfile. If you do not use the -f switch, the default is .k5.REALM.
-M mkeyname
Specifies an alternate primary principal name. The default primary principal name is K/M@REALM.
-r REALM
Stashes the principal database key for the realm REALM. By default, kdb_stash uses the realm defined in the krb.conf file. If the file does not exist, the command uses the uppercase equivalent of the domain name.
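
A permissions audit for the stash file, following the note above about securing it. This is an added example, not part of the HP manual; check_stash, its expected-owner argument (uid 0 by default) and the path passed to it are assumptions, since the manual gives only the default file name .k5.REALM.

```shell
#!/bin/sh
# Added example: audit ownership and permissions of a Kerberos stash file.
# Assumptions: check_stash is a hypothetical helper; the expected owner is
# uid 0 unless a second argument overrides it.

check_stash() {
    file=$1
    want_uid=${2:-0}
    rc=0

    # A symbolic link could point the server at a file someone else controls.
    if [ -h "$file" ]; then
        echo "FAIL: $file is a symbolic link"
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"
        return 1
    fi

    # ls -ln prints the mode string and the numeric owner uid.
    set -- $(ls -ln "$file")
    mode=$1
    uid=$3
    case $mode in
        -r[w-]-------*) ;;  # owner read/write only (0600 or 0400)
        *) echo "FAIL: mode $mode grants access beyond the owner"; rc=1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        rc=1
    fi

    # A group- or world-writable directory lets others replace the file.
    dir=$(dirname "$file")
    set -- $(ls -ldn "$dir")
    case $1 in
        d????-??-?*) ;;
        *) echo "FAIL: directory $dir has mode $1 (group/other writable)"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# Usage: sh check_stash.sh /path/to/.k5.REALM [expected-uid]
if [ $# -gt 0 ]; then
    check_stash "$@"
fi
```

Run it after every kdb_stash or kdb_create -s invocation and on both the primary and secondary security servers, since each holds its own stash file.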

Administration

HP UX Kerberos Data Security Software manual Stashing the Master Key