Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 2.6. How do I change the master key?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Sex offenders ]

Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.5. There's a lot of stuff in the krb5.conf and kdc.conf files. What does it all mean, and what do I really need?
Next Document: 2.7. How do I set up slave servers?
See reader questions & answers on this topic! - Help others by sharing your knowledge
In Kerberos 5 .. you don't :-)

It is possible for you to change the master key using the kadmin. However,
the master key is also probably stored in a stash file (depending on your
site) and is used to encrypt all of the entries in the database. If you
change the master key with kadmin, you won't change it in the stash file or
reencrypt all of the entries in the database.

Note that there are no technical obstacles in doing this; Kerberos 4
provided a command to change the master key, and it did all of the right
things. However, no one has implemented this functionality (yet) for
Kerberos 5.

User Contributions:

Comment about this article, ask questions, or add new information about this topic: