Principal: tlyu/admin@BLEEP.COM
Expiration date: [never]
Last password change: Mon Aug 12 14:16:47 EDT 1996
- Password expiration date: [none]
+ Password expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
- Number of keys: 2
- Key: vno 1, des-cbc-crc
- Key: vno 1, des-cbc-crc:v4
+ Number of keys: 1
+ Key: vno 1, aes256-cts-hmac-sha384-192
+ MKey: vno 1
Attributes:
Policy: [none]
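Review bot: The sample output now lists a single key, so it no longer shows how getprinc renders several keys or a non-default salt, which the removed "Key: vno 1, des-cbc-crc:v4" line did. Consider keeping "Number of keys: 2" with a second non-DES key line so the multi-key layout stays documented.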
$ kdb5_util tabdump -o keyinfo.txt keyinfo
$ cat keyinfo.txt
name keyindex kvno enctype salttype salt
+ K/M@EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1
foo@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
bar@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
- bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
$ sqlite3
sqlite> .mode tabs
sqlite> .import keyinfo.txt keyinfo
- sqlite> select * from keyinfo where enctype like 'des-cbc-%';
- bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
+ sqlite> select * from keyinfo where enctype like 'aes256-%';
+ K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
sqlite> .quit
- $ awk -F'\t' '$4 ~ /des-cbc-/ { print }' keyinfo.txt
- bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
+ $ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt
+ K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
ENVIRONMENT
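Review bot: The new K/M@EXAMPLE.COM row is inconsistent between the dump and the query results: the "cat keyinfo.txt" listing shows keyindex 0, but the sqlite and awk outputs both print keyindex 1 for the same row. The removed DES row had keyindex 1 in all three places, so this looks like a leftover from the substitution; the two result lines should read "K/M@EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1". Separately, the old query demonstrated finding principals that still hold weak keys, while matching 'aes256-%' returns only the master key, so the example no longer shows the audit an administrator would actually run.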
$ kdb5_util list_mkeys
Master keys for Principal: K/M@KRBTEST.COM
- KVNO: 1, Enctype: des-cbc-crc, Active on: Wed Dec 31 19:00:00 EST 1969 *
+ KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
#. On the master KDC, run ``kdb5_util use_mkey 1`` to ensure that a
master key activation list is present in the database. This step
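Review bot: The "Active on" value changes along with the enctype, from "Wed Dec 31 19:00:00 EST 1969" to "Thu Jan 01 00:00:00 UTC 1970". Both are the same instant, so nothing is wrong with the value, but the time zone switch is unrelated to the enctype replacement and is worth a mention in the commit message so it does not look accidental.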
``trillium.mit.edu``)::
trillium% kadmin
- kadmin5: ktadd host/trillium.mit.edu ftp/trillium.mit.edu
- pop/trillium.mit.edu
- kadmin: Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin5: quit
+ Authenticating as principal root/admin@ATHENA.MIT.EDU with password.
+ Password for root/admin@ATHENA.MIT.EDU:
+ kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu
+ Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: quit
trillium%
If you generate the keytab file on another host, you need to get a
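Review bot: The rewritten transcript prefixes the second and third "Entry for principal" lines with "kadmin:" but not the first. All three are output of the single ktadd command on the line above, not commands typed at the prompt, so the prefix should be dropped from the ftp/ and pop/ lines to match the host/ line.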
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
- type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab.
+ type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.
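Review bot: The des3-cbc-sha1 entry is replaced, but the last entry in the same sample still shows "type arcfour-hmac added to keytab". If the aim is for the examples to stop showing legacy enctypes, that line should be replaced or removed as well; as it stands, the output presents RC4 keys as a normal result of this command.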
.\" Man page generated from reStructuredText.
.
-.TH "KADMIN" "1" " " "1.17" "MIT Kerberos"
+.TH "KADMIN" "1" " " "1.18" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
Principal: tlyu/admin@BLEEP.COM
Expiration date: [never]
Last password change: Mon Aug 12 14:16:47 EDT 1996
-Password expiration date: [none]
+Password expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
-Number of keys: 2
-Key: vno 1, des\-cbc\-crc
-Key: vno 1, des\-cbc\-crc:v4
+Number of keys: 1
+Key: vno 1, aes256\-cts\-hmac\-sha384\-192
+MKey: vno 1
Attributes:
Policy: [none]
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2018, MIT
+1985-2019, MIT
.\" Generated by docutils manpage writer.
.
$ kdb5_util tabdump \-o keyinfo.txt keyinfo
$ cat keyinfo.txt
name keyindex kvno enctype salttype salt
+K/M@EXAMPLE.COM 0 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
foo@EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
bar@EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
-bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
$ sqlite3
sqlite> .mode tabs
sqlite> .import keyinfo.txt keyinfo
-sqlite> select * from keyinfo where enctype like \(aqdes\-cbc\-%\(aq;
-bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
+sqlite> select * from keyinfo where enctype like \(aqaes256\-%\(aq;
+K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
sqlite> .quit
-$ awk \-F\(aq\et\(aq \(aq$4 ~ /des\-cbc\-/ { print }\(aq keyinfo.txt
-bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
+$ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt
+K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
.ft P
.fi
.UNINDENT
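Review bot: The roff copy of the tabdump example carries the same mismatch as the source text: the K/M@EXAMPLE.COM row has keyindex 0 in the "cat keyinfo.txt" listing but keyindex 1 in the sqlite and awk results. If this page is generated from reStructuredText like the kadmin page above, fix the value in the source and regenerate rather than editing the roff by hand.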
##### Holds the default encryption/salt type combinations of principals for
##### the Realm. Stores in the form of key:salt strings.
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
dn: cn=schema
changetype: modify
##### ONLYREALM
##### SPECIAL
##### AFS3
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
#####
##### This attribute obsoletes the krbSupportedEncTypes and krbSupportedSaltTypes
##### attributes.
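Review bot: The salt type list in the context lines directly above the changed example still names AFS3. As far as I know that salt type is only used with single-DES keys, so if this change is part of retiring DES from the documentation, check whether the list should be trimmed in the same pass.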
##### Holds the default encryption/salt type combinations of principals for
##### the Realm. Stores in the form of key:salt strings. This will be
##### subset of the supported encryption/salt types.
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
attributetype ( 2.16.840.1.113719.1.301.4.42.1
NAME 'krbDefaultEncSaltTypes'
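Review bot: While this comment is being edited, the context line "This will be subset of the supported encryption/salt types." is missing an article; "This will be a subset of" reads correctly. The same example string is changed in four separate comments in this patch, so it is worth confirming that no further copy was missed.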
##### ONLYREALM
##### SPECIAL
##### AFS3
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
attributetype ( 2.16.840.1.113719.1.301.4.43.1
NAME 'krbSupportedEncSaltTypes'