Remembering Master Password
John Hascall
john at iastate.edu
Sat Sep 23 09:42:51 EDT 2006
> In big bold letters we are warned to "NOT FORGET" the password to the
> database. For years I have kept my password faithfully documented and I
> have _never_ used it. Why do I need to remember my database master
> password?
You have two options with your master password. One is to keep
a copy on disk (what you seem to have done) and the other is to
be prompted for it each time the KDC starts. In any event if you
forget (and lose the file with) the master password your KDC DB
is useless as it can not be decrypted to be used.
> Can I randomize the database master password similar to using -randkey
> on my service principals?
I don't think I've seen a procedure documented to do that,
if you really want to do that, I'd try it on a test realm
first for sure!
John
More information about the Kerberos
mailing list