[36396] in Kerberos
Re: Kerberos Migration Question.
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Aug 22 11:48:42 2014
Message-ID: <53F7664D.1090907@mit.edu>
Date: Fri, 22 Aug 2014 11:48:29 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: "Stephen Carville (Kerberos List)" <b44261a2@opayq.com>, kerberos@mit.edu
In-Reply-To: <53F7632A.8040106@opayq.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 08/22/2014 11:35 AM, Stephen Carville (Kerberos List) wrote:
> Everything works as expected -- so far :). Is it necessary or even
> possible to re-key the database to use the default (aes256-cts?) in
> newer version?
It isn't necessary, but it is possible, using the instructions here:
http://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-the-master-key
You might get a slight KDC performance benefit from using AES instead of
DES3 for the master key, but it's unlikely to be noticeable.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
