[1137] in Kerberos_V5_Development


Re: motivation for multiple keys per principal

daemon@ATHENA.MIT.EDU (Barry Jaspan)
Wed May 8 14:02:05 1996

Date: Wed, 8 May 1996 14:01:31 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: basch@lehman.com
Cc: krbdev@MIT.EDU
In-Reply-To: <199605081754.NAA00035@badger.lehman.com> (basch@lehman.com)


   > What was the motivation for supporting multiple keys per principal?
   > Is there a reason other than a smooth migration from DES to 3-DES?

   Such as a V4 to V5 migration...

V4 to V5 migration can be accomplished by populating the V5 database
with no-salt principals, and having the "change password" function
store the new pw with the V5 salt option of choice; once all
principals have changed their passwords, the migration is complete.

   Also, sometimes it is necessary to
   support multiple enctypes for awhile, until all the clients are updated.

Well, that was my question.  What enctypes do we envision using this
for, other than DES and 3-DES?

Barry
