Change from the legacy des-cbc-crc to the default for kdb5_util and
kadmind, which is currently aes256-cts-hmac-sha1-96.
The **-k** *keytype* option specifies the key type of the master key
to be entered manually as a password when **-m** is given; the default
-is ``des-cbc-crc``.
+is |defmkey|.
The **-M** *mkeyname* option specifies the principal name for the
master key in the database (usually ``K/M`` in the KDC's realm).
case 'm': /* manual type-in of master key */
manual = TRUE;
if (menctype == ENCTYPE_UNKNOWN)
- menctype = ENCTYPE_DES_CBC_CRC;
+ menctype = DEFAULT_KDC_ENCTYPE;
break;
case 'M': /* master key name in DB */
mkey_name = optarg;
.sp
The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
to be entered manually as a password when \fB\-m\fP is given; the default
-is \fBdes\-cbc\-crc\fP\&.
+is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.
.sp
The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).
projects / thirdparty / krb5.git / commitdiff
