Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration

Changing Key Types

Chapter 6142

Changing Key Types

For the strongest enterprise-wide security between the Security Servers

and Clients, all principals must have 3DES keys using Normal (V5) salt.

To change a DES principal’s key type to 3DES

If you are changing the key type for a service principal that has extracted

keys, you must perform these steps on the host system where the service

resides. Launch the remote administrator, kadmin_ui, and log on using a

principal account with the required administrative permissions.

Step 1. In the kadminl_ui window, choose the Principals tab, and select the

principal’s realm.

Step 2. Find the principal using the List All or Search button.

Step 3. Select the principal name from the List of Principals and click Edit.

The Principal Information window appears.

Step 4. Select the Password tab.

Step 5. Under the Key and Salt Types, select the primary and secondary key

types and salt types. If the principal was formerly a DES principal, you

may want to retain one key as DES and set the other key to 3DES.

Step 6. Click OK. The Change Password window appears as a new password

must be generated if the key or salt type is changed.

Note the following:

• If the principal is a user principal, enter a new password.

• If the principal is a service principal with an extracted key, select the

check box to generate a random key.

Step 7. Click OK to close the Change Password window.

Step 8. If the principal is a user principal, inform the user of their new

temporary password. At the next logon, the principal is required to

change their password.