Changing the database master key
Sam Hartman
hartmans at MIT.EDU
Thu Aug 31 14:16:30 EDT 2006
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
Ken> The problem is that you can change the master key ... but
Ken> only to another key of the same enctype.
Ken> When I investigated this ... it turns out that while the
Ken> enctype is stored in the stash file, none of the code makes
Ken> use of that. And also, the history key enctype is derived
Ken> from the master key enctype. Neither of these are
Ken> insurmountable problems ... but at that point, I gave up.
Ken> Maybe this is fixed in newer versions of MIT Kerberos ...
Ken> but I suspect when you try it, it will fail.
It is not.
But a patch committed by Russ would be welcome.:-)
More information about the Kerberos
mailing list