Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Creating the Kerberos Database
Chapter 6194
Encrypt the database using the DES encryption if you are installing a
secondary security server that has an existing principal database
encrypted using DES. In this case, do not create the database during
installation, instead use the kdb_create utility to create the database
after installation.
Regardless of the database encryption choice, the installation program
always installs both DES and 3DES algorithms. Therefore you can specify
either key type for individual principal accounts in the database.
Database Master Password
When you create the principal database, you supply a master password.
The master password, along with the speciļ¬ed encryption type, is used to
generate the master key that protects the database entries. In other
words, the stored keys of each principal account are encrypted with the
master key. This provides double security protection for each stored key.
The kdb_create will prompt you for the master key for the Kerberos
database. This key can be any string. A good key is one you can
remember, but that no one else can guess. Examples of bad keys are
words that can be found in a dictionary, any common or popular name,
especially a famous person or a cartoon character, your username in any
form (e.g., forward, backward, repeated twice, etc.).