Filter
Top Products
Administering the Kerberos Server
Changing a Key Type
Chapter 8 165
Changing a Key Type
For a strong enterprise wide security between the Kerberos servers and
clients, all principals must have 3DES keys using Normal (V5) salt.
Changing a DES-CRC or DES-MD5 Principal Key Type
to 3DES
If you are changing the key type for a service principal that has extracted
keys, complete the following steps on the host system where the service
resides:
Step 1. Log on using a principal account that contains the required
administrative permission, and launch the remote administrator, HP
Kerberos Administrator.
Step 2. In the HP Kerberos Administrator window, choose the Principals tab
and select the realm of the principal.
Step 3. Click List All or Search to find the principal.
Step 4. Select the principal name from List of Principals and click Edit to
display the Principal Information window as shown in Figure 8-2.
Step 5. Choose the Password tab in the Principal Information window.
Step 6. Under the Key and Salt Types, select the primary and secondary key
types and salt types. If the principal was formerly DES-CRC or
DES-MD5 principal, you can retain one key as DES and set the other
key to 3DES.
Step 7. Click OK.
The Change Password window appears because you must generate a new
password if you change the key or salt type.
NOTE Consider the following points while changing the password:
• If the principal is a user principal, enter a new password.