[24243] in Kerberos
Re: Updating encryption types
daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Jul 7 19:56:20 2005
To: Kevin Coffman <kwc@citi.umich.edu>
From: Tom Yu <tlyu@mit.edu>
Date: Thu, 07 Jul 2005 19:52:52 -0400
In-Reply-To: <20050707212259.GK8907@usc.edu> (Phil Dibowitz's message of
"Thu, 7 Jul 2005 14:22:59 -0700")
Message-ID: <ldvpstukwbv.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: Toan Nguyen <toan@usc.edu>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
>>>>> "phil" == Phil Dibowitz <phil@usc.edu> writes:
phil> 2. As expected doing the cpw on the krbtgt/ISD.USC.EDU ticket provides us
phil> with:
phil> Key: vno 2, ArcFour with HMAC/md5, no salt
phil> Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
phil> Key: vno 2, DES cbc mode with CRC-32, no salt
phil> Key: vno 1, DES cbc mode with CRC-32, no salt
phil> and since the kvno is updated, that means I will need to
phil> regenerage/ktadd the new version of the key stashfile on all
phil> KDC's used to start the KDC, right?
No, you will simply need to kprop the updated database. The krbtgt
key is not stored in any keytab. The stashfile stores the master key,
not the krbtgt key.
---Tom
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
