[29779] in Kerberos
Re: Two enctype questions
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Wed Apr 30 14:39:02 2008
Message-Id: <200804301836.m3UIaaIE007111@hedwig.cmf.nrl.navy.mil>
To: MIT Kerberos Mailing List <kerberos@mit.edu>
In-Reply-To: <20080430105054.F16650@malcolm.berkeley.edu>
Date: Wed, 30 Apr 2008 14:36:37 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>1. I notice that on 1.6.3, getprinc shows 'no salt' for all keys, even
>though the enctypes in kdc.conf's supported-enctypes all specify a salt
>type of ':normal', which I thought meant salt with principal name and
>realm. Why is this?
"No salt" means "normal" in this case. Yes, that doesn't make any sense;
I only report the news, not make it.
>2. Is there any way to change the enctype of the master database key?
"no" (unless you're willing to write a fair amount of database-fiddling
code, and probably lose your password history in the process).
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
