In a similar vien to my previous communication, I've found myself trying
to update my principles from 3DES to AES. While this was successful for
the most part, one of the issues that evades me is the correct way to
rekey kadmin/history, as it seems the usual process doesn't work.
Please could someone advise, as I haven't been able to find the Google
foo.
In a similar vien to my previous communication, I've found myself trying
to update my principles from 3DES to AES. While this was successful for
the most part, one of the issues that evades me is the correct way to
rekey kadmin/history, as it seems the usual process doesn't work.
Please could someone advise, as I haven't been able to find the Google
foo.
The official documentation has the answer:
https://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-history-key
Basically you run "cpw -randkey kadmin/history". There's no proper
rollover support, unfortunately; all stored old keys get invalidated.
My memory of the code is that the old keys will stick around in the
database until the principal changes it's password.
--Ken
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 15:16:36 |
Calls: | 6,706 |
Files: | 12,239 |
Messages: | 5,351,162 |