Changing realms
Douglas E. Engert
deengert at anl.gov
Tue Jul 30 14:50:51 EDT 2002
Sridhar Bandi wrote:
>
> Hello Alfred,
>
> Changing the realm name may not be possible to take
> the dump and the load it as the keys that are derived
> from the password depends on the realm name for some salt types.
>
> So if the realm name is changed then the key will become
> invalid.
It should be possible to add a special salt with the old realm name.
We started to use this when we decommissioned our DCE cell in favor
of an MIT KDC. They had different realm names so we added the DCE key,
and set the salt type to KRB5_KDB_SALTTYPE_SPECIAL. Thus preauth would
return the salt to use which is different from the new realm name.
>
> Regards
> Bandi
>
> Alfred Hovdestad wrote:
>
> > s there any way to change the realm name in Kerberos? We are
> > trying to dump our Kerbreos database, change the realm name,
> > and reload the database.
> >
> > Alfred Hovdestad
> > System Administrator
> > University of Saskatchewan
> >
> > --
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list