Administration

Creating the Kerberos Database

Encrypt the database using DES encryption if you are installing a secondary security server that has an existing principal database encrypted using DES. In this case, do not create the database during installation; instead, use the kdb_create utility to create the database after installation.

Regardless of the database encryption choice, the installation program always installs both the DES and 3DES algorithms. Therefore, you can specify either key type for individual principal accounts in the database.

Database Master Password

When you create the principal database, you supply a master password. The master password, along with the specified encryption type, is used to generate the master key that protects the database entries. In other words, the stored keys of each principal account are encrypted with the master key. This gives each stored key a second layer of protection.

The kdb_create utility prompts you for the master key for the Kerberos database. This key can be any string. A good key is one you can remember, but that no one else can guess. Examples of bad keys are words that can be found in a dictionary; any common or popular name, especially that of a famous person or a cartoon character; and your username in any form (e.g., forward, backward, or repeated twice).
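The bad-key rules above can be checked before a candidate master password is typed at the kdb_create prompt. The following is an added example, not part of the product or of the original page; the function names and the small word and name lists are hypothetical and constructed for illustration.

```python
import re

# Constructed sample lists (assumption). In practice, load a full wordlist
# and a list of common names instead of these few entries.
SAMPLE_WORDS = {"password", "kerberos", "dragon", "secret", "master"}
SAMPLE_NAMES = {"elvis", "madonna", "mickey", "snoopy", "batman"}


def username_forms(username):
    """Forms of the username the text calls out:
    forward, backward, and each of those repeated twice."""
    u = username.lower()
    r = u[::-1]
    return {u, r, u + u, r + r}


def normalize(candidate):
    """Lowercase and strip leading/trailing non-letters, so that
    'Dragon1!' is still recognized as the word 'dragon'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate.lower())


def check_master_password(candidate, username,
                          words=SAMPLE_WORDS, names=SAMPLE_NAMES):
    """Return the list of bad-key rules the candidate matches.

    An empty list means none of the rules in the text matched; it does
    not by itself prove the candidate is hard to guess.
    """
    reasons = []
    core = normalize(candidate)
    if core in words:
        reasons.append("dictionary word")
    if core in names:
        reasons.append("common or popular name")
    forms = username_forms(username)
    if core and (core in forms or candidate.lower() in forms):
        reasons.append("form of the username")
    return reasons


if __name__ == "__main__":
    # Constructed candidates for a hypothetical administrator 'jsmith'.
    for pw in ["dragon", "Mickey7", "htimsj", "JsmithJsmith!", "tr4verse-Quiet-lamp"]:
        print(pw, "->", check_master_password(pw, "jsmith") or "no rule matched")
```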

Chapter 6