[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.5. There's a lot of stuff in the krb5.conf and kdc.conf files. What does it all mean, and what do I really need?
Next Document: 2.7. How do I set up slave servers?
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.5. There's a lot of stuff in the krb5.conf and kdc.conf files. What does it all mean, and what do I really need?
Next Document: 2.7. How do I set up slave servers?
2.6. How do I change the master key?
In Kerberos 5 .. you don't :-) It is possible for you to change the master key using the kadmin. However, the master key is also probably stored in a stash file (depending on your site) and is used to encrypt all of the entries in the database. If you change the master key with kadmin, you won't change it in the stash file or reencrypt all of the entries in the database. Note that there are no technical obstacles in doing this; Kerberos 4 provided a command to change the master key, and it did all of the right things. However, no one has implemented this functionality (yet) for Kerberos 5.
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.5. There's a lot of stuff in the krb5.conf and kdc.conf files. What does it all mean, and what do I really need?
Next Document: 2.7. How do I set up slave servers?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update December 01 2008 @ 00:11 AM