[14892] in Kerberos
Re: Can we rename a principal yet?
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Wed Aug 1 08:57:01 2001
Message-ID: <3B67FCA5.395F9A84@anl.gov>
Date: Wed, 01 Aug 2001 07:57:09 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: "Christopher P. Lindsey" <lindsey@mallorn.com>
CC: kerberos@MIT.EDU
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
"Christopher P. Lindsey" wrote:
>
> Yes, I know it's a FAQ, and yes, I know the key is (usually) salted
> with the entire principal name.
>
> In my specific case, I'm only salting the key with the realm name since
> the instance for many of these principals will change at a later date.
>
> As an aside, is there any way to specify an alternative salt via
> kadmin? The docs indicate that you can do '-e enctype:salttype' or
> even '-salt salttype', but neither appears to work for me. I can
> change/add it in kdc.conf, but that's not too exciting either.
>
I have a mod to kadmin, which would let you set the key and salt
for a principal. This was used when adding a key from a DCE cell during a
conversion.
If you are interested, drop me a note.
> Thanks,
>
> Chris
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
