[30761] in Kerberos
changing long term keys for services on windows
daemon@ATHENA.MIT.EDU (Nikhil Mishra)
Wed Feb 25 10:08:19 2009
Message-ID: <49A54FE5.8040206@gs-lab.com>
Date: Wed, 25 Feb 2009 19:34:21 +0530
From: Nikhil Mishra <nikhilm@gs-lab.com>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi All ,
Can a windows service long term key be changed on the fly?
What I mean is when the machine hosting service joins the domain
long term keys are exchanged between service and KDC ( This is what
I understand . Please correct me If I am not ).
If as a KDC admin I would like to change the key being used for
encrypting service tickets for the service , Is there a way to do it ?
If I somehow change the key for given SPN ( using ktpass ) on KDC
is it possible to communicate this back to service ?Does KDC do it
automatically ?Is there some event it waits for before syncing keys with
service ?
Thanks
Nikhil
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
