Administration
Changing Key Types
|
| Changing Key Types |
|
| For the strongest |
|
| and Clients, all principals must have 3DES keys using Normal (V5) salt. |
|
| To change a DES principal’s key type to 3DES |
|
| If you are changing the key type for a service principal that has extracted |
|
| keys, you must perform these steps on the host system where the service |
|
| resides. Launch the remote administrator, kadmin_ui, and log on using a |
|
| principal account with the required administrative permissions. |
Step | 1. | In the kadminl_ui window, choose the Principals tab, and select the |
|
| principal’s realm. |
Step | 2. | Find the principal using the List All or Search button. |
Step | 3. | Select the principal name from the List of Principals and click Edit. |
|
| The Principal Information window appears. |
Step | 4. | Select the Password tab. |
Step | 5. | Under the Key and Salt Types, select the primary and secondary key |
|
| types and salt types. If the principal was formerly a DES principal, you |
|
| may want to retain one key as DES and set the other key to 3DES. |
Step | 6. | Click OK. The Change Password window appears as a new password |
|
| must be generated if the key or salt type is changed. |
|
| Note the following: |
•If the principal is a user principal, enter a new password.
•If the principal is a service principal with an extracted key, select the check box to generate a random key.
Step | 7. | Click OK to close the Change Password window. |
Step | 8. | If the principal is a user principal, inform the user of their new |
|
| temporary password. At the next logon, the principal is required to |
|
| change their password. |
142 | Chapter 6 |