Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 2.21. How do a rename a principal?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Business Photos and Profiles ]


Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.20. What is v5passwdd? Do I need to run it?
Next Document: 2.22. What is the difference between the "-a valid" and the "-a user" flags for telnetd?
See reader questions & answers on this topic! - Help others by sharing your knowledge
In Kerberos 5, you don't :-)

There currently is no way to rename a principal using the MIT V5 admin
system (even though the man page for kadmin claims otherwise).

The issue is that in Kerberos 5, the key is salted using the full principal
name, so changing the principal name would invalidate the user's password.
However, since the Kerberos database provides the ability to store an
alternate key salt, this could actually be implemented.

The current workaround is to simply delete the old principal name and create
the new principal name.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.20. What is v5passwdd? Do I need to run it?
Next Document: 2.22. What is the difference between the "-a valid" and the "-a user" flags for telnetd?

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>





Last Update March 27 2014 @ 02:11 PM