On Thu, Jul 07, 2005 at 07:52:52PM -0400, Tom Yu wrote: > >>>>> "phil" == Phil Dibowitz <[EMAIL PROTECTED]> writes: > > phil> 2. As expected doing the cpw on the krbtgt/ISD.USC.EDU ticket provides > us > phil> with: > > phil> Key: vno 2, ArcFour with HMAC/md5, no salt > phil> Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt > phil> Key: vno 2, DES cbc mode with CRC-32, no salt > phil> Key: vno 1, DES cbc mode with CRC-32, no salt > > phil> and since the kvno is updated, that means I will need to > phil> regenerage/ktadd the new version of the key stashfile on all > phil> KDC's used to start the KDC, right? > > No, you will simply need to kprop the updated database. The krbtgt > key is not stored in any keytab. The stashfile stores the master key, > not the krbtgt key.
That's what I thought, thanks. I've grabbed my kerb book and my notes and I have a few unrelated questions that I will ask in another email. -- Phil Dibowitz Systems Architect and Administrator Enterprise Infrastructure / ISD / USC UCC 180 - 213-821-5427
pgplxgZpR9Ml1.pgp
Description: PGP signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
