On 08/22/2014 11:35 AM, Stephen Carville (Kerberos List) wrote: > Everything works as expected -- so far :). Is it necessary or even > possible to re-key the database to use the default (aes256-cts?) in > newer version?
It isn't necessary, but it is possible, using the instructions here: http://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-the-master-key You might get a slight KDC performance benefit from using AES instead of DES3 for the master key, but it's unlikely to be noticeable. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
