[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1052962: Use modern key type for MIT Kerberos database master key



Package: debian-edu-config
Version: 2.12.36

Currently Kerberos is configured to use des3-hmac-sha1 key types, the 
setting in /etc/krb5kdc/kdc.conf should probably just be removed so a 
sane default value is used. This probably only needs to be changed for
new installations and it is not woth the effort to change existing 
master keys.  However, it is possible to upgrade them if desired.

See 
https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/retiring-des.html#the-database-master-key
for details.

-- 
Guido Berhoerster


Reply to: