Filter
Top Products
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8 223
You cannot set this attribute using the command-line administrator.
Maximum Renew Time Attribute
The Maximum Renew Time attribute controls the renew time limit for
renewable tickets. If you set the renew time longer than the renew time
assigned to the krbtgt/REALM@REALM principal, the settings in the
krbtgt/ principal take precedence.
You cannot set this attribute using the command-line administrator.
Key Type Attribute
The Key Type attribute generates a secret key. You must carefully decide
which encryption type to use for the secret key.
Each principal can be associated with two different secret keys. These
are called the primary and secondary keys. Each key is associated with
an encryption type. The encryption type designates the encryption
algorithm used to generate the secret key. Following are the supported
encryption types:
• DES3 (Security-Enhanced Triple Data Encryption Standard)
• DES-MD5
• DES-CRC
You cannot set this attribute using the command-line administrator.
Salt Type Attribute
A salt is a string of characters added to the beginning of a password
before the password is transformed into a secret key. Salts strengthen
passwords and ensure that principals with the same password do not
have the same key. Salt settings apply only to user principals; service
principals use a random key, and they do not require a designated salt
(they use a salt type of None).
You can control the salt type attributes using the Password tab in the HP
Kerberos Administrator Principal Information window.
You cannot set this attribute using the command-line administrator.