> In a similar vein to my previous communication, I've found myself trying
> to update my principals from 3DES to AES. While this was successful for
> the most part, one of the issues that evades me is the correct way to
> rekey kadmin/history, as it seems the usual process doesn't work.
> Please could someone advise, as I haven't been able to find the Google
> foo.

The official documentation has the answer:

https://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-history-key

Basically you run "cpw -randkey kadmin/history". There's no proper rollover support, unfortunately; all stored old keys get invalidated. My memory of the code is that the old keys will stick around in the database until the principal changes its password.

--Ken
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos