Hey all, We're in the process of rolling our mkey to get off 3des, and we found that someone in the before-times has put this line in our kdc.conf:
master_key_type = des3-hmac-sha1 Obviously, that's not going to be the master key type of the new key, and of course, I think when this command came out, there was no "use mkey" format, so this was perhaps a primitive rollover method? Would things break if I just took this line out? Or would the kdc fail to start because a K/M of the default enctype isn't present yet? Does it make sense to remove this line before rollover or after? (This might be worth a mention in the docs). -Dan -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org --------------------------- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
