Two enctype questions
Mike Friedman
mikef at berkeley.edu
Wed Apr 30 15:37:26 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 30 Apr 2008 at 14:36 (-0400), Ken Hornstein wrote:
>> 1. I notice that on 1.6.3, getprinc shows 'no salt' for all keys, even
>> though the enctypes in kdc.conf's supported-enctypes all specify a salt
>> type of ':normal', which I thought meant salt with principal name and
>> realm. Why is this?
>
> "No salt" means "normal" in this case. Yes, that doesn't make any
> sense; I only report the news, not make it.
>
>> 2. Is there any way to change the enctype of the master database key?
>
> "no" (unless you're willing to write a fair amount of database-fiddling
> code, and probably lose your password history in the process).
Ken,
Thanks for the definitive answers. I may not like the answer to (2), but
at least now I know where I stand. As for (1), I figured as much, but had
to ask, given how non-intuitive it is.
Mike
_________________________________________________________________________
Mike Friedman Information Services & Technology
mikef at berkeley.edu 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://mikef.berkeley.edu http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)
iEYEARECAAYFAkgYynYACgkQFgKSfLOvZ1S2hACfXG7nLcpIvQ97kpVthwbCzjAQ
UjwAn0W2G7oGV4f20tmli7k1Ldlzhy4R
=w8io
-----END PGP SIGNATURE-----
More information about the Kerberos
mailing list