question about modifying master_key_type
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Jun 23 10:23:24 EDT 2005
>I did a little digging but was unable to determine if it was possible to
>change the master_key_type kdc.conf parameter to another enctype and
>then modify an existing principal DB to protect the existing principal
>keys using the new master key. If this is possible, how does one go
>about it?
I tried it once. It turns out there are a number of barriers:
- There's no tool to do it.
- If you write a tool, you will discover that the master key enctype is
(inexplicitly) used as the enctype for the history key.
At that point I gave up, but there may be more problems.
--Ken
More information about the Kerberos
mailing list