Administering the Kerberos Server
Changing a Key Type
|
| Changing a Key Type |
|
| For a strong enterprise wide security between the Kerberos servers and |
|
| clients, all principals must have 3DES keys using Normal (V5) salt. |
|
| Changing a |
|
| to 3DES |
|
| If you are changing the key type for a service principal that has extracted |
|
| keys, complete the following steps on the host system where the service |
|
| resides: |
Step | 1. | Log on using a principal account that contains the required |
|
| administrative permission, and launch the remote administrator, HP |
|
| Kerberos Administrator. |
Step | 2. | In the HP Kerberos Administrator window, choose the Principals tab |
|
| and select the realm of the principal. |
Step | 3. | Click List All or Search to find the principal. |
Step | 4. | Select the principal name from List of Principals and click Edit to |
|
| display the Principal Information window as shown in Figure |
Step | 5. | Choose the Password tab in the Principal Information window. |
Step | 6. | Under the Key and Salt Types, select the primary and secondary key |
|
| types and salt types. If the principal was formerly |
|
| |
|
| key to 3DES. |
Step | 7. | Click OK. |
|
| The Change Password window appears because you must generate a new |
|
| password if you change the key or salt type. |
|
|
|
NOTE |
| Consider the following points while changing the password: |
|
| • If the principal is a user principal, enter a new password. |
Chapter 8 | 165 |