Hey there folks,
We've recently gone through all the hard work of switching off 3des on our
kdcs and rolling all the things, but one of the things we note is that
some of our users still have the keys with the old enctypes present. Is
there a way to delete just those deprecated keys, without forcing a
password change?
Failed password attempts: 0
Number of keys: 5
Key: vno 2, aes256-cts-hmac-sha1-96
Key: vno 2, aes128-cts-hmac-sha1-96
Key: vno 2, DEPRECATED:des3-cbc-sha1 <-- Yeet?
Key: vno 2, aes128-cts-hmac-sha256-128
Key: vno 2, aes256-cts-hmac-sha384-192
MKey: vno 3
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
-Dan
--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
FB: fb.com/DanielMahoneyIV
LI: linkedin.com/in/gushi
Site: http://www.gushi.org
---------------------------
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
