Bug ID: 6290237 KDC Master-key Enctype Migration

Bug ID	6290237
Synopsis	KDC Master-key Enctype Migration
State	3-Accepted (Yes, that is a problem)
Category:Subcategory	kerberosv5_bundled:kdc
Keywords	enctype \| kdb \| kerberos \| master_key_enctype
Responsible Engineer	William Fiveash
Reported Against	s10
Duplicate Of
Introduced In
Commit to Fix
Fixed In
Release Fixed
Related Bugs
Submit Date	24-June-2005
Last Update Date	8-April-2009
Description	If one has an existing KDB (princ DB) protected with the default master key enctype of des-cbc-crc, there is no way to modify the master_key_enctype in kdc.conf, generate a new master key with that enctype and migrate the existing KDB to be protected with the new key. This is not good as our kerberos has been enhanced with support for stronger enctypes which should be used to protect the secret keys stored in the KDB. xxxxx@xxxxx.com 2005-06-24 00:04:24 GMT
Work Around	N/A
Comments	N/A

OpenSolaris