Filter
Top Products
Administering the Kerberos Server
Kerberos Database Utilities
Chapter 8228
• DES-MD5
• DES-CRC
The encryption type selected during database creation determines the
encryption type applied to the master password, which in turn is used to
create the key that secures all records stored in the principal database.
Encrypt the database using DES encryption if you are installing a
secondary security server that has an existing principal database
encrypted using DES. In this case, do not create the database during
installation. Instead, use the kdb_create utility to create the database
after installation.
Regardless of the database encryption choice, the installation program
always installs both DES and 3DES algorithms. Therefore, you can
specify any key type for individual principal accounts in the database.
Database Master Password
When you create the principal database, you must supply a master
password. The master password, along with the specified encryption
type, generates the master key that protects the database entries. In
other words, the stored keys of each principal account are encrypted with
the master key. This provides double security protection for each stored
key.
The kdb_create utility prompts you for the master key for the Kerberos
database. This key can be any string. A good key is one you can
remember, but that no one else can guess. Examples of bad keys are
words that can be found in a dictionary; any common or popular name,
especially a famous person or a cartoon character; or your user name in
any form (forward, backward, repeated twice, and so on).