[24244] in Kerberos
Re: Updating encryption types
daemon@ATHENA.MIT.EDU (Phil Dibowitz)
Thu Jul 7 20:22:09 2005
Date: Thu, 7 Jul 2005 17:21:19 -0700
From: Phil Dibowitz <phil@usc.edu>
To: Tom Yu <tlyu@mit.edu>
Message-ID: <20050708002119.GX8907@usc.edu>
Mail-Followup-To: Tom Yu <tlyu@MIT.EDU>, Kevin Coffman <kwc@citi.umich.edu>,
Toan Nguyen <toan@usc.edu>, kerberos@MIT.EDU
Mime-Version: 1.0
In-Reply-To: <ldvpstukwbv.fsf@cathode-dark-space.mit.edu>
cc: Toan Nguyen <toan@usc.edu>
cc: Kevin Coffman <kwc@citi.umich.edu>
cc: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============86416378076746625=="
Errors-To: kerberos-bounces@mit.edu
--===============86416378076746625==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="2VOk7s3pVsDYAazo"
Content-Disposition: inline
--2VOk7s3pVsDYAazo
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Jul 07, 2005 at 07:52:52PM -0400, Tom Yu wrote:
> >>>>> "phil" =3D=3D Phil Dibowitz <phil@usc.edu> writes:
>=20
> phil> 2. As expected doing the cpw on the krbtgt/ISD.USC.EDU ticket provi=
des us
> phil> with:
>=20
> phil> Key: vno 2, ArcFour with HMAC/md5, no salt
> phil> Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
> phil> Key: vno 2, DES cbc mode with CRC-32, no salt
> phil> Key: vno 1, DES cbc mode with CRC-32, no salt
>=20
> phil> and since the kvno is updated, that means I will need to
> phil> regenerage/ktadd the new version of the key stashfile on all
> phil> KDC's used to start the KDC, right?
>=20
> No, you will simply need to kprop the updated database. The krbtgt
> key is not stored in any keytab. The stashfile stores the master key,
> not the krbtgt key.
That's what I thought, thanks.
I've grabbed my kerb book and my notes and I have a few unrelated questions
that I will ask in another email.
--=20
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 180 - 213-821-5427
--2VOk7s3pVsDYAazo
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFCzcb/7lkZ1Iyv898RArE0AJ9mgvhibysHCm8sQFtwK7/2ZQ+BNQCgjL/g
GZmFrdpm1NaboJ2IhXkhYMw=
=8AME
-----END PGP SIGNATURE-----
--2VOk7s3pVsDYAazo--
--===============86416378076746625==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============86416378076746625==--
