• Shell start script for krb5kdc/kadmind with prompt for K/M passphrase from console or pkcs15 token via Opensc

    From Stefan Hartmann@stefanh@hafenthal.de to kerberos on Mon Sep 16 18:51:59 2024
    From Newsgroup: comp.protocols.kerberos

    Hello,

    Does someone have a SysV-init or OpenRC start script for the krb5kdc/kadmind
    daemons which prompts at startup for manual input of the K/M passphrase?
    Or, as an enhancement, one that uses OpenSC pkcs15 to input a PIN, decrypt
    and provide the passphrase to the daemon.

    I know the options -m and -n, but my testing was not successful with e.g. start-stop-daemon.

    I didn't find anything on the web, hence my request.

    I don't use systemd - I use Devuan or Alpine Linux, hence SysV-init or
    OpenRC.

    NB: my krb5kdcs/kadminds with LDAP backend have run for years with encrypted
    /var/lib partitions, but now I will only encrypt the long-time keys -
    Keep it Simple.


    Thanks,
    Stefan Hartmann - ib.hafenthal.de

