Want to thank you for your pointers. I went through a dry run today and found
that I needed to rekey 4 of my service principals, update KDC's to issue all
new principals with old and new encryption types, and have my users who want to
use these higher enctypes right away, change their
I know this seems like an idiotic thing, but here is the scenario. I have a
multi KDC setup that has been the backbone of Kerberos for a large
organization. Traditionally we have had to keep week crypto around because of
some legacy tools that cannot be rewritten at this time.
I want to
Hi William,
On Sun, 19 Oct 2014, William Clark wrote:
I know this seems like an idiotic thing, but here is the scenario. I
have a multi KDC setup that has been the backbone of Kerberos for a
large organization. Traditionally we have had to keep week crypto
around because of some legacy
