master key type in kdc.conf
Greg Hudson
ghudson at mit.edu
Sun Oct 3 13:15:46 EDT 2021
On 10/3/21 3:36 AM, Dan Mahoney (Gushi) wrote:
> We're in the process of rolling our mkey to get off 3des, and we found
> that someone in the before-times has put this line in our kdc.conf:
>
> master_key_type = des3-hmac-sha1
[...]
> Would things break if I just took this line out? Or would the kdc fail to
> start because a K/M of the default enctype isn't present yet?
From a review of the code, I am pretty sure that this setting is only
used when the mkey is entered from the keyboard (including during KDB
creation). Assuming you are using a stash file, you should be able to
remove this setting.
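
An added example, not part of the original message or of MIT krb5: a small Python check that reports which realms in a kdc.conf still pin master_key_type, and whether the pinned value is a legacy DES/3DES/RC4 enctype. The sample configuration, realm names and paths are constructed, and the parser assumes the usual one-relation-per-line layout inside each realm block.

```python
import re

# Constructed sample kdc.conf; realm names and paths are placeholders.
SAMPLE = """\
[kdcdefaults]
    kdc_ports = 88

[realms]
    EXAMPLE.ORG = {
        # left over from an old deployment
        master_key_type = des3-hmac-sha1
        key_stash_file = /var/krb5kdc/.k5.EXAMPLE.ORG
    }
    TEST.EXAMPLE.ORG = {
        max_life = 10h 0m 0s
    }
"""

# Name prefixes of single-DES, triple-DES and RC4 enctypes.
LEGACY_PREFIXES = ("des-", "des3-", "arcfour-", "rc4-")

def find_master_key_types(conf_text):
    """Return (realm, master_key_type, key_stash_file or None, is_legacy)
    for every realm under [realms] that sets master_key_type."""
    section, realm, settings, found = None, None, {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and realm is None:
            section = header.group(1)     # entering a new top-level section
        elif section != "realms":
            continue                      # only [realms] carries this setting
        elif realm is None:
            opened = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if opened:
                realm, settings = opened.group(1), {}
        elif line == "}":
            mkt = settings.get("master_key_type")
            if mkt is not None:
                legacy = mkt.lower().startswith(LEGACY_PREFIXES)
                found.append((realm, mkt, settings.get("key_stash_file"), legacy))
            realm = None
        else:
            key, sep, value = line.partition("=")
            if sep:
                settings[key.strip()] = value.strip()
    return found
```

Calling `find_master_key_types` on the text of the real kdc.conf lists the realms to review before and after the master key rollover.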