Administering the Kerberos Server

Kerberos Database Utilities

DES-MD5

DES-CRC

The encryption type selected during database creation determines the encryption type applied to the master password, which in turn is used to create the key that secures all records stored in the principal database.

Encrypt the database using DES encryption if you are installing a secondary security server that has an existing principal database encrypted using DES. In this case, do not create the database during installation. Instead, use the kdb_create utility to create the database after installation.

Regardless of the database encryption choice, the installation program always installs both DES and 3DES algorithms. Therefore, you can specify any key type for individual principal accounts in the database.

Database Master Password

When you create the principal database, you must supply a master password. The master password, along with the specified encryption type, generates the master key that protects the database entries. In other words, the stored keys of each principal account are encrypted with the master key. This gives each stored key a double layer of security protection.

The kdb_create utility prompts you for the master key for the Kerberos database. This key can be any string. A good key is one you can remember, but that no one else can guess. Examples of bad keys are words that can be found in a dictionary; any common or popular name, especially a famous person or a cartoon character; or your user name in any form (forward, backward, repeated twice, and so on).
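The following added example (not part of the original guide or of the Kerberos utilities) screens a candidate master password against the bad-key patterns listed above. The word and name lists, the user name jsmith and all function names are constructed for illustration; the check goes slightly beyond the text by ignoring case and appended digits or punctuation, and by catching any number of repetitions of the user name.

```python
import re

# Constructed sample lists; a real check would load a full dictionary and name list.
WORDS = {"password", "kerberos", "secret", "dragon", "security"}
NAMES = {"mickey", "elvis", "batman", "snoopy"}

def normalize(text):
    """Lower-case and drop non-letters, so 'Dragon!1' is compared as 'dragon'."""
    return re.sub(r"[^a-z]", "", text.lower())

def is_repetition(core, base):
    """True if core is base written one or more times in a row."""
    if not core or not base or len(core) % len(base):
        return False
    return base * (len(core) // len(base)) == core

def check_master_password(candidate, user):
    """Return the reasons a candidate is a bad key; an empty list means none found."""
    core = normalize(candidate)
    name = normalize(user)
    reasons = []
    if core in WORDS:
        reasons.append("dictionary word")
    if core in NAMES:
        reasons.append("common or popular name")
    # Covers the user name forward, backward, and repeated any number of times.
    if is_repetition(core, name) or is_repetition(core, name[::-1]):
        reasons.append("user name forward, backward or repeated")
    return reasons

if __name__ == "__main__":
    # Constructed candidates, checked for a hypothetical administrator "jsmith".
    for pw in ("Dragon!1", "Elvis", "htimsj", "jsmithjsmith", "tide9-Quarry-lamp"):
        print(pw, "->", check_master_password(pw, "jsmith") or "no listed pattern")
```

An empty result only means that none of the listed patterns matched; it does not measure how hard the password is to guess.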

Chapter 8