Two enctype questions

Mike Friedman mikef at berkeley.edu
Wed Apr 30 15:37:26 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 30 Apr 2008 at 14:36 (-0400), Ken Hornstein wrote:

>> 1.  I notice that on 1.6.3, getprinc shows 'no salt' for all keys, even 
>> though the enctypes in kdc.conf's supported-enctypes all specify a salt 
>> type of ':normal', which I thought meant salt with principal name and 
>> realm.  Why is this?
>
> "No salt" means "normal" in this case.  Yes, that doesn't make any 
> sense; I only report the news, not make it.
>
>> 2.  Is there any way to change the enctype of the master database key?
>
> "no" (unless you're willing to write a fair amount of database-fiddling 
> code, and probably lose your password history in the process).

Ken,

Thanks for the definitive answers.  I may not like the answer to (2), but 
at least now I know where I stand.  As for (1), I figured as much, but had 
to ask, given how non-intuitive it is.

Mike

_________________________________________________________________________
Mike Friedman                        Information Services & Technology
mikef at berkeley.edu                   2484 Shattuck Avenue
1-510-642-1410                       University of California at Berkeley
http://mikef.berkeley.edu            http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)

iEYEARECAAYFAkgYynYACgkQFgKSfLOvZ1S2hACfXG7nLcpIvQ97kpVthwbCzjAQ
UjwAn0W2G7oGV4f20tmli7k1Ldlzhy4R
=w8io
-----END PGP SIGNATURE-----



More information about the Kerberos mailing list