Change Realm Name
Greg Hudson
ghudson at MIT.EDU
Fri Jul 9 17:00:42 EDT 2010
On Fri, 2010-07-09 at 13:59 -0400, Russ Allbery wrote:
> IIRC, there's some way to permit this with recent Kerberos clients that
> can support an alternative salt, but I don't remember the details of how
> to make it work. But hopefully those keywords will help get you pointed
> in the right direction.
I don't think the Kerberos clients have to be all that recent. I see
references to PW_SALT and ETYPE_INFO padata types at least as far back
as 1.1. ETYPE_INFO2 support didn't come in until 1.3 (apparently) but I
don't think that's necessary.
In theory, it would be possible to modify all of the principal entries
to contain an explicit salt. I don't know of specific tools to do this,
although I wouldn't be surprised if someone had written one (in the form
of a dumpfile transformation tool, most likely).
More information about the Kerberos
mailing list