[38999] in Kerberos


master key type in kdc.conf

daemon@ATHENA.MIT.EDU (Dan Mahoney (Gushi))
Sun Oct 3 03:39:18 2021

Date: Sun, 3 Oct 2021 00:36:23 -0700 (PDT)
From: "Dan Mahoney (Gushi)" <danm@prime.gushi.org>
To: kerberos@mit.edu
Message-ID: <7dedcb59-f09e-54ed-a0ce-5b5aac3357d@prime.gushi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hey all,

We're in the process of rolling our mkey to get off 3des, and we found 
that someone in the before-times has put this line in our kdc.conf:

master_key_type = des3-hmac-sha1

Obviously, that's not going to be the master key type of the new key, and 
of course, I think when this command came out, there was no "use mkey" 
format, so this was perhaps a primitive rollover method?

Would things break if I just took this line out?  Or would the kdc fail to 
start because a K/M of the default enctype isn't present yet?

Does it make sense to remove this line before rollover or after?
(This might be worth a mention in the docs).

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
FB:  fb.com/DanielMahoneyIV
LI:   linkedin.com/in/gushi
Site:  http://www.gushi.org
---------------------------

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
