changing long term keys for services on windows

Nikhil Mishra nikhilm at gs-lab.com
Wed Feb 25 09:04:21 EST 2009


Hi All,

Can a Windows service long term key be changed on the fly?


What I mean is, when the machine hosting the service joins the domain,
long term keys are exchanged between the service and the KDC. (This is what
I understand. Please correct me if I am not.)

If, as a KDC admin, I would like to change the key being used for
encrypting service tickets for the service, is there a way to do it?

If I somehow change the key for a given SPN (using ktpass) on the KDC,
is it possible to communicate this back to the service? Does the KDC do it
automatically? Is there some event it waits for before syncing keys with
the service?


Thanks

Nikhil


