Remembering Master Password - Kerberos

This is a discussion on Remembering Master Password - Kerberos ; In big bold letters we are warned to "NOT FORGET" the password to the database. For years I have kept my password faithfully documented and I have _never_ used it. Why do I need to remember my database master password? ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Remembering Master Password

  1. Remembering Master Password

    In big bold letters we are warned to "NOT FORGET" the password to the
    database. For years I have kept my password faithfully documented and I
    have _never_ used it. Why do I need to remember my database master
    password?

    Can I randomize the database master password similar to using -randkey
    on my service principals?

    Thanks,
    Jason C. Wells

  2. Re: Remembering Master Password


    > In big bold letters we are warned to "NOT FORGET" the password to the
    > database. For years I have kept my password faithfully documented and I
    > have _never_ used it. Why do I need to remember my database master
    > password?


    You have two options with your master password. One is to keep
    a copy on disk (what you seem to have done) and the other is to
    be prompted for it each time the KDC starts. In any event if you
    forget (and lose the file with) the master password your KDC DB
    is useless as it can not be decrypted to be used.

    > Can I randomize the database master password similar to using -randkey
    > on my service principals?


    I don't think I've seen a procedure documented to do that,
    if you really want to do that, I'd try it on a test realm
    first for sure!

    John
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread