Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Kerberos Server Version 3.12 Administrator's Guide: HP-UX 11i v3 > Chapter 8 Administering the Kerberos Server

Changing a Key Type
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

For a strong enterprise wide security between the Kerberos servers and clients, all principals must have 3DES keys using Normal (V5) salt.

Changing a DES-CRC or DES-MD5 Principal Key Type to 3DES

If you are changing the key type for a service principal that has extracted keys, complete the following steps on the host system where the service resides:

  1. Log on using a principal account that contains the required administrative permission, and launch the remote administrator, HP Kerberos Administrator.

  2. In the HP Kerberos Administrator window, choose the Principals tab and select the realm of the principal.

  3. Click List All or Search to find the principal.

  4. Select the principal name from List of Principals and click Edit to display the Principal Information window as shown in Figure 8-2 “Principal Information Window”.

  5. Choose the Password tab in the Principal Information window.

  6. Under the Key and Salt Types, select the primary and secondary key types and salt types. If the principal was formerly DES-CRC or DES-MD5 principal, you can retain one key as DES and set the other key to 3DES.

  7. Click OK.

    The Change Password window appears because you must generate a new password if you change the key or salt type.

    NOTE: Consider the following points while changing the password:

    • If the principal is a user principal, enter a new password.

    • If the principal is a service principal with an extracted key, select the Generate Random Key check box to generate a random key.

  8. Click OK to close the Change Password window.

  9. Click OK to close the Principal Information window.

If the principal is a user principal, communicate the new temporary password to the user. During next logon, the principal must change the password.

If the principal is a service principal, extract the new key for the principal. For more information on this procedure, see “Extracting Service Keys”.



Password Tab (Principal Information Window)
  		 


Changing Principal Attributes  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2007 Hewlett-Packard Development Company, L.P.