Changing the database master key

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Aug 31 13:36:31 EDT 2006


>My understanding from previous discussions was that it was not possible to
>change the database master key for an MIT Kerberos KDC due to various bits
>that are encrypted in the master key.  However, I noticed that the
>kdb5_util man page seems to indicate that it can under dump:
>
>    -mkey_convert
>           prompts  for  a new master key.  This new master key will
>           be used to re-encrypt the key data in the dumpfile.   The
>           key data in the database will not be changed.
>
>    -new_mkey_file mkey_file
>           the  filename  of  a  stash file.  The master key in this
>           stash file will be used to re-encrypt the key data in the
>           dumpfile.   The  key  data  in  the  database will not be
>           changed.

The problem is that you can change the master key ... but only to another
key of the same enctype.

When I investigated this ... it turns out that while the enctype is
stored in the stash file, none of the code makes use of that.  And
also, the history key enctype is derived from the master key enctype.
Neither of these are insurmountable problems ... but at that point, I
gave up.  Maybe this is fixed in newer versions of MIT Kerberos ...
but I suspect when you try it, it will fail.

--Ken
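The caveat in the reply above is that `kdb5_util dump -mkey_convert` only re-encrypts the dump under a new key of the same enctype as the current master key, so a conversion to a different enctype fails part-way through. The script below is an added example, not code from the post or from MIT Kerberos: it parses the enctype of the current master key out of `kadmin.local getprinc` output and refuses to start the conversion when the requested enctype differs. It assumes (none of this is stated in the post) that the master key principal is `K/M@REALM`, that `getprinc` prints one `Key: vno N, <enctype>[, ...]` line per key, and that `kdb5_util -k <enctype>` names the master key type; the `load` and `stash` steps after the dump are the usual completion of the procedure and are also an assumption, since the post only shows the dump options. The sample `getprinc` output is constructed.

```shell
#!/bin/sh
# Added example, not from the mailing-list post or the krb5 project.
# Pre-flight check for "kdb5_util dump -mkey_convert": the conversion is
# reported to work only between master keys of the same enctype, so we
# compare the current master key enctype with the requested one first.

# Read "kadmin.local getprinc K/M@REALM" output on stdin and print the
# enctype of the first key line, e.g. "aes256-cts-hmac-sha1-96".
# Assumed line shape: "Key: vno 1, <enctype>" or "Key: vno 1, <enctype>, no salt".
mkey_enctype_from_getprinc() {
    sed -n 's/^Key: vno [0-9]*, \([^,]*\).*/\1/p' | head -n 1
}

# Exit status 0 when the two enctype names are identical, 1 otherwise.
same_enctype() {
    [ "$1" = "$2" ]
}

# Constructed sample of getprinc output (not captured from a real KDC).
SAMPLE_GETPRINC='Principal: K/M@EXAMPLE.COM
Expiration date: [never]
Last password change: [never]
Number of keys: 1
Key: vno 1, aes256-cts-hmac-sha1-96
MKey: vno 1'

# convert_master_key REALM NEW_ENCTYPE DUMPFILE
# Dumps the database re-encrypted under a new master key of NEW_ENCTYPE,
# but only when NEW_ENCTYPE matches the enctype of the current master key.
# Requires kadmin.local and kdb5_util on the KDC; stop kadmind/krb5kdc first.
convert_master_key() {
    realm=$1; new_enctype=$2; dumpfile=$3

    current=$(kadmin.local -q "getprinc K/M@$realm" | mkey_enctype_from_getprinc)
    if [ -z "$current" ]; then
        echo "could not determine current master key enctype for $realm" >&2
        return 1
    fi
    if ! same_enctype "$current" "$new_enctype"; then
        echo "refusing: current master key enctype is $current, requested $new_enctype" >&2
        return 1
    fi

    # Re-encrypt the key data in the dump under the new master key (prompted
    # for interactively); the live database is untouched at this point.
    kdb5_util -r "$realm" -k "$new_enctype" dump -mkey_convert "$dumpfile" || return 1

    # Assumed completion of the procedure (not shown in the post): load the
    # converted dump back and write a stash file for the new master key.
    kdb5_util -r "$realm" -k "$new_enctype" load "$dumpfile" || return 1
    kdb5_util -r "$realm" -k "$new_enctype" stash
}

# Offline demonstration of the parser on the constructed sample.
printf '%s\n' "$SAMPLE_GETPRINC" | mkey_enctype_from_getprinc
```

Run `convert_master_key EXAMPLE.COM aes256-cts-hmac-sha1-96 /var/tmp/mkey.dump` on the KDC itself; the check only catches the enctype mismatch the post describes and does nothing about the history key enctype, which the reply notes is derived from the master key enctype and would need the same treatment.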
