[2179] in Kerberos-V5-bugs
Re: Documentation lacking questions.
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Aug 21 14:24:27 1996
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: "Randall S. Winchester" <rsw@glue.umd.edu>, krb5-bugs@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 21 Aug 1996 14:24:01 -0400
In-Reply-To: Ken Hornstein's message of Wed, 21 Aug 1996 01:20:22 -0400
>>>>> "Ken" == Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
Ken> BTW, this brings up an interesting question; when you change
Ken> your password with the new kadmind that's coming out, will
Ken> you keep your old enctype, or will you get converted to the
Ken> supported_enctypes list? If we've voting, I vote for the
Ken> latter :-)
You get the supported_enctypes. This allows phased migration
of a databse from one enctype set to another. For example, you can
initially start with a krb4 databse, add both krb5-salted normal
entries and MD5 entries. Then, once DES3 becomes stable (probably not
Beta 7), you can add that as well. Once all your clients are krb5,
you can drop the krb4 keys, etc. There are a few caviats invovling
making sure you don't generate keys with random number generators that
aren't initialized that may limit the keys you can generate for random
keys, but I think most of that has been dealt with.
Ken> --Ken
