Two enctype questions
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Apr 30 14:36:37 EDT 2008
>1. I notice that on 1.6.3, getprinc shows 'no salt' for all keys, even
>though the enctypes in kdc.conf's supported-enctypes all specify a salt
>type of ':normal', which I thought meant salt with principal name and
>realm. Why is this?
"No salt" means "normal" in this case. Yes, that doesn't make any sense;
I only report the news, not make it.
>2. Is there any way to change the enctype of the master database key?
"no" (unless you're willing to write a fair amount of database-fiddling
code, and probably lose your password history in the process).
--Ken
More information about the Kerberos
mailing list