[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Changing of krbtgt key


I read that it preferable to change the key of the TGS periodically from
time to time for security reasons. But when doing this with Heimdal 0.6
the old key is destroyed at once.

When trying to get a new service ticket with a TGT I got before changing
the TGS key I get the following error message:

krb5_mk_req failed: Key version is not available

Why isn't the old key available any more? AFS KA-Server changed the TGS
key on its own. That's not a feature I must have. But I would like to be
able to change it and not have to do a new kinit.


Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen