changing long term keys for services on windows
Nikhil Mishra
nikhilm at gs-lab.com
Wed Feb 25 09:04:21 EST 2009
Hi All ,
Can a windows service long term key be changed on the fly?
What I mean is when the machine hosting service joins the domain
long term keys are exchanged between service and KDC ( This is what
I understand . Please correct me If I am not ).
If as a KDC admin I would like to change the key being used for
encrypting service tickets for the service , Is there a way to do it ?
If I somehow change the key for given SPN ( using ktpass ) on KDC
is it possible to communicate this back to service ?Does KDC do it
automatically ?Is there some event it waits for before syncing keys with
service ?
Thanks
Nikhil
More information about the Kerberos
mailing list