On 10/3/21 3:36 AM, Dan Mahoney (Gushi) wrote:
> We're in the process of rolling our mkey to get off 3des, and we found 
> that someone in the before-times has put this line in our kdc.conf:
> 
> master_key_type = des3-hmac-sha1
[...]
> Would things break if I just took this line out?  Or would the kdc fail to 
> start because a K/M of the default enctype isn't present yet?

From a review of the code, I am pretty sure that this setting is only
used when the mkey is entered from the keyboard (including during KDB
creation).  Assuming you are using a stash file, you should be able to
remove this setting.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
