diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2023-08-04 17:53:10 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2023-08-04 17:53:10 +0000 |
| commit | 0320e0d5bb9fbb5da53478b3fd80ad79b110191d (patch) | |
| tree | e1185f75bd2d3f87b0c17f787debc3ee8648214b /doc/html/basic/stash_file_def.html | |
| parent | b0e4d68d5124581ae353493d69bea352de4cff8a (diff) | |
Diffstat (limited to 'doc/html/basic/stash_file_def.html')
| -rw-r--r-- | doc/html/basic/stash_file_def.html | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/doc/html/basic/stash_file_def.html b/doc/html/basic/stash_file_def.html index f227b7d25263..37f0b500a44f 100644 --- a/doc/html/basic/stash_file_def.html +++ b/doc/html/basic/stash_file_def.html @@ -1,33 +1,31 @@ + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>stash file — MIT Kerberos Documentation</title> - + <title>stash file — MIT Kerberos Documentation</title> <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> - <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../', - VERSION: '1.16', + VERSION: '1.21.1', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', - HAS_SOURCE: true + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt' }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <link rel="author" title="About these documents" href="../about.html" /> + <link rel="index" title="Index" href="../genindex.html" /> + <link rel="search" title="Search" href="../search.html" /> <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> - <link rel="up" title="Kerberos V5 concepts" href="index.html" /> <link rel="next" title="Supported date and time formats" href="date_format.html" /> <link rel="prev" title="replay cache" href="rcache_def.html" /> </head> @@ -61,19 +59,19 @@ <div class="documentwrapper"> <div class="bodywrapper"> - <div class="body"> + <div class="body" role="main"> <div class="section" id="stash-file"> <span id="stash-definition"></span><h1>stash file<a class="headerlink" href="#stash-file" title="Permalink to this headline">¶</a></h1> <p>The stash file is a local copy of the master key that resides in -encrypted form on the KDC’s local disk. The stash file is used to +encrypted form on the KDC’s local disk. The stash file is used to authenticate the KDC to itself automatically before starting the -<a class="reference internal" href="../admin/admin_commands/kadmind.html#kadmind-8"><em>kadmind</em></a> and <a class="reference internal" href="../admin/admin_commands/krb5kdc.html#krb5kdc-8"><em>krb5kdc</em></a> daemons (e.g., as part of the -machine’s boot sequence). The stash file, like the keytab file (see -<a class="reference internal" href="../admin/install_appl_srv.html#keytab-file"><em>The keytab file</em></a>) is a potential point-of-entry for a break-in, and +<a class="reference internal" href="../admin/admin_commands/kadmind.html#kadmind-8"><span class="std std-ref">kadmind</span></a> and <a class="reference internal" href="../admin/admin_commands/krb5kdc.html#krb5kdc-8"><span class="std std-ref">krb5kdc</span></a> daemons (e.g., as part of the +machine’s boot sequence). The stash file, like the keytab file (see +<a class="reference internal" href="../admin/install_appl_srv.html#keytab-file"><span class="std std-ref">The keytab file</span></a>) is a potential point-of-entry for a break-in, and if compromised, would allow unrestricted access to the Kerberos database. If you choose to install a stash file, it should be -readable only by root, and should exist only on the KDC’s local disk. +readable only by root, and should exist only on the KDC’s local disk. The file should not be part of any backup of the machine, unless access to the backup data is secured as tightly as access to the master password itself.</p> @@ -107,7 +105,7 @@ This means that the KDC will not be able to start automatically, such as after a <li class="toctree-l2"><a class="reference internal" href="ccache_def.html">Credential cache</a></li> <li class="toctree-l2"><a class="reference internal" href="keytab_def.html">keytab</a></li> <li class="toctree-l2"><a class="reference internal" href="rcache_def.html">replay cache</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="">stash file</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="#">stash file</a></li> <li class="toctree-l2"><a class="reference internal" href="date_format.html">Supported date and time formats</a></li> </ul> </li> @@ -134,8 +132,8 @@ This means that the KDC will not be able to start automatically, such as after a <div class="footer-wrapper"> <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + <div class="right" ><i>Release: 1.21.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2023, MIT. </div> <div class="left"> |