-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [Sorry if two copies of this get sent out. The first one had a return address other than the one with which I'm subscribed to this list, so I'm sending this second copy to be sure it gets through at all].
I'm going to be moving our KDC to a new set of servers and a current release level of MIT K5 (going from 1.4.2 to 1.6.3). If it's feasible, I'd like to take this opportunity to move from DES to a better encryption algorithm for our KDCs. Questions: 1. Can conversion to a new encryption algorithm be done non-disruptively to users? What about users whose passwords were set back in our MIT K4 days (I'm not sure if we have any of those left - we've been on K5 for over 8 years - but it's possible we do). 2. What are all the steps involved? Since I'll be moving everything to new machines, I'm willing to do more than I would if this were just a release upgrade of my existing Kerberos environment. 3. Assuming this is all doable, any suggestions as to which encryption algorithm to use? Thanks. Mike _________________________________________________________________________ Mike Friedman Information Services & Technology [EMAIL PROTECTED] 2484 Shattuck Avenue 1-510-642-1410 University of California at Berkeley http://socrates.berkeley.edu/~mikef http://ist.berkeley.edu _________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQA/AwUBR7jkwK0bf1iNr4mCEQLikwCeMhk0dtacxqzhyvhq/vne+HGFZxYAoL+s ff+u5bRAwLbl1bQmt6U5yZsX =jPgu -----END PGP SIGNATURE----- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
