Kerberos Migration Question.
Greg Hudson
ghudson at mit.edu
Fri Aug 22 11:48:29 EDT 2014
On 08/22/2014 11:35 AM, Stephen Carville (Kerberos List) wrote:
> Everything works as expected -- so far :). Is it necessary or even
> possible to re-key the database to use the default (aes256-cts?) in
> newer version?
It isn't necessary, but it is possible, using the instructions here:
http://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-the-master-key
You might get a slight KDC performance benefit from using AES instead of
DES3 for the master key, but it's unlikely to be noticeable.
More information about the Kerberos
mailing list