I did a little digging but was unable to determine if it was possible to
change the master_key_type kdc.conf parameter to another enctype and
then modify an existing principal DB to protect the existing principal
keys using the new master key. If this is possible, how does one go
about it?
I
I recently learned how to program MIT Kerberos with no
previous knowledge of anything Kerberos related.
If you haven't already, you should first understand
how to use Kerberos and also understand the protocol
at a high level. Google for the The Moron's Guide to
Kerberos and play with kinit,
On Thu, Jun 23, 2005 at 10:23:24AM -0400, Ken Hornstein wrote:
I did a little digging but was unable to determine if it was possible to
change the master_key_type kdc.conf parameter to another enctype and
then modify an existing principal DB to protect the existing principal
keys using the new
Here are the KerberosTicket time details:
starttime specifies the time after which the ticket is valid.
endtime specifies it's expiration time.
authtime specifies the time of initial authentication for the principal.
The max lifetime of the Kerberos ticket is defined by the KDC (typically
8
