> On Mar 14, 2017, at 9:43 AM, Adam Lewenberg <> wrote:
> How do I re-encrypt the entries of the Heimdal KDC database if I want to 
> change its master key?

Shut down all daemons on the master.

hprop --decrypt --stdout | hpropd --stdin

Restart all daemons.

That’s from memory. I think some other options may be needed, like keytab 
files. I published this once in a presentations at one of the AFS&Kerb best 
practices workshops, but I don’t remember the year.

