[24138] in Kerberos
Re: question about modifying master_key_type
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Thu Jun 23 10:24:28 2005
Message-Id: <200506231423.j5NENNq9025139@ginger.cmf.nrl.navy.mil>
To: MIT Kerberos List <kerberos@mit.edu>
In-Reply-To: <20050622223813.GA5247@sun.com>
Date: Thu, 23 Jun 2005 10:23:24 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Errors-To: kerberos-bounces@mit.edu
>I did a little digging but was unable to determine if it was possible to
>change the master_key_type kdc.conf parameter to another enctype and
>then modify an existing principal DB to protect the existing principal
>keys using the new master key. If this is possible, how does one go
>about it?
I tried it once. It turns out there are a number of barriers:
- There's no tool to do it.
- If you write a tool, you will discover that the master key enctype is
(inexplicitly) used as the enctype for the history key.
At that point I gave up, but there may be more problems.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos