[7607] in Kerberos


Master key confusion

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Mon Jul 8 14:36:18 1996

To: kerberos@MIT.EDU
Date: 8 Jul 1996 14:07:14 -0400
From: kenh@cmf.nrl.navy.mil (Ken Hornstein)

I was talking with a friend last week about the Kerberos 5 database, and
we realized there was some confusion about the way the master key works.

(Just for the record, I'm running MIT Kerberos 5 beta 6).

I know that all the entries in the Kerberos 5 database are encrypted with
the master key.  I'm wondering, however, if it's possible to ever _change_
the master key?  I mean, I know it's possible to say "cpw K/M", but I'm
wondering if that keeps the old key around for decrypting older passwords,
or would you have to change all the passwords at that time as well?  Or is
it not really practical to change the master key at all?

Also, is the key entered at KDC startup/kdb5_stash the master key used to
decrypt all passwords, or is it just used to decrypt the master key
stored in the database (K/M) and the master key in the database is actually
used to decrypt everything?

(Geez, I'm not sure if that last sentence made any sense or not :-) ).

--Ken
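The two layerings the question is asking about, as an added illustration that is not part of the original post and not MIT Kerberos code: a toy database in which principal keys are sealed directly under the master key K/M (the stash holds the master key itself), next to a second layering in which a separate stash key only wraps the master key. The cipher is a constructed HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, chosen only because it needs nothing outside the Python standard library; it is not a Kerberos enctype. Principal names and all key material are constructed sample values. What the example shows is the cost that separates the two designs: changing the master key means every entry is decrypted under the old key and re-sealed under the new one, while changing a wrapping stash key rewrites one blob.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Constructed keystream: HMAC-SHA256 over a counter (illustration only)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. A wrong key fails the MAC instead of returning garbage."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("bad MAC: wrong key or tampered entry")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class ToyKDB:
    """Principal long-term keys sealed directly under the master key K/M.

    This models the layering the question describes: the key read from the
    stash (or typed at KDC startup) is the master key, and it directly
    protects every principal entry. Toy model, not the MIT krb5 database format.
    """

    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.entries = {}  # principal name -> sealed long-term key

    def add_principal(self, name: str, long_term_key: bytes) -> None:
        self.entries[name] = seal(self.master_key, long_term_key)

    def principal_key(self, name: str) -> bytes:
        return unseal(self.master_key, self.entries[name])

    def change_master_key(self, new_master_key: bytes) -> int:
        """Rotate K/M: unseal every entry under the old key and reseal it under
        the new one. Returns the number of entries rewritten, which is why a
        master-key change is a whole-database operation in this layering."""
        rewritten = 0
        for name, blob in list(self.entries.items()):
            self.entries[name] = seal(new_master_key, unseal(self.master_key, blob))
            rewritten += 1
        self.master_key = new_master_key
        return rewritten


def wrap_master_key(stash_key: bytes, master_key: bytes) -> bytes:
    """The alternative layering the question floats: a stash key that only
    protects the master key, so rotating the stash key re-wraps one blob."""
    return seal(stash_key, master_key)


def demo() -> tuple:
    """Build a constructed three-principal database, rotate the master key, and
    report (entries rewritten, all keys still recoverable, old key rejected)."""
    principals = {  # constructed sample principals and keys
        "alice@EXAMPLE.ORG": os.urandom(32),
        "host/kdc.example.org@EXAMPLE.ORG": os.urandom(32),
        "krbtgt/EXAMPLE.ORG@EXAMPLE.ORG": os.urandom(32),
    }
    old_km, new_km = os.urandom(32), os.urandom(32)
    db = ToyKDB(old_km)
    for name, key in principals.items():
        db.add_principal(name, key)

    rewritten = db.change_master_key(new_km)
    recovered = all(db.principal_key(n) == k for n, k in principals.items())
    try:
        unseal(old_km, db.entries["alice@EXAMPLE.ORG"])
        old_rejected = False
    except ValueError:
        old_rejected = True
    return rewritten, recovered, old_rejected


def stash_rotation_cost() -> int:
    """Under the wrapped layering, changing the stash key rewrites no principal entries."""
    master_key = os.urandom(32)
    db = ToyKDB(master_key)
    db.add_principal("bob@EXAMPLE.ORG", os.urandom(32))  # constructed sample
    old_stash, new_stash = os.urandom(32), os.urandom(32)
    wrapped = wrap_master_key(old_stash, master_key)
    before = dict(db.entries)
    rewrapped = wrap_master_key(new_stash, unseal(old_stash, wrapped))  # only this blob changes
    assert unseal(new_stash, rewrapped) == master_key
    return sum(1 for n in db.entries if db.entries[n] != before[n])


if __name__ == "__main__":
    print(demo(), stash_rotation_cost())
```

Running the module prints `(3, True, True) 0`: three entries rewritten by the master-key change, every principal key still recoverable afterwards, the old master key refused by the MAC, and zero entries touched by a stash-key re-wrap. The same re-encryption pass is what a real master-key rollover has to perform; later MIT krb5 releases added it to kdb5_util as the add_mkey / use_mkey / update_princ_encryption sequence, which keeps old master key versions alongside the new one until every entry has been re-encrypted.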
