[OpenAFS] Re: Moving Magic Trio to another domain
Russ Allbery
rra@stanford.edu
Sun, 22 Sep 2013 20:01:31 -0700
Andrew Deason <adeason@sinenomine.net> writes:
> For Kerberos, if you're using MIT or Heimdal, this may be
> difficult, since usually the keys for user principals are all salted
> with the realm name. In the past I believe doing this was considered
> impossible to do with existing code, but maybe things have improved.
> This is more appropriate for the relevant Kerberos list, but someone may
> respond here further anyway.
Heimdal at least can indicate the salt that's used in the database entry,
and I believe that makes realm renaming work properly without changing the
keys. However, I can't find any documentation of exactly how to do it.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
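
The salting issue discussed in this thread, as an added example that is not part of the original message or of any Kerberos implementation's code. It builds the RFC 4120 default salt (realm followed by the principal name components) and runs only the PBKDF2 stage of the RFC 3962 AES string-to-key, omitting the final key-derivation step; the realm names, principal, password and helper names are constructed for illustration.

```python
import hashlib

OLD_REALM = "OLD.EXAMPLE.ORG"   # constructed sample realm
NEW_REALM = "NEW.EXAMPLE.ORG"   # constructed sample realm
PASSWORD = "correct horse"      # constructed sample password


def default_salt(realm: str, principal: str) -> bytes:
    """RFC 4120 default salt: realm + name components, no separators."""
    return (realm + "".join(principal.split("/"))).encode("utf-8")


def pbkdf2_stage(password: str, salt: bytes,
                 iterations: int = 4096, keylen: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 string-to-key.

    The real AES enctypes apply one more derivation step to this output;
    it is deterministic, so differing output here means differing keys.
    """
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt, iterations, keylen)


def make_entry(realm: str, principal: str, password: str) -> dict:
    """Hypothetical database entry that records the salt beside the key."""
    salt = default_salt(realm, principal)
    return {"principal": principal, "salt": salt,
            "key": pbkdf2_stage(password, salt)}


def client_key(password, realm, principal, salt_hint=None) -> bytes:
    """Key the client derives. A KDC can send the salt in pre-auth data
    (PA-ETYPE-INFO2); without it the client uses the default salt."""
    salt = salt_hint if salt_hint is not None else default_salt(realm, principal)
    return pbkdf2_stage(password, salt)


def rename_demo() -> tuple:
    """Return (matches_with_default_salt, matches_with_stored_salt)
    after the realm is renamed but the stored key is left untouched."""
    entry = make_entry(OLD_REALM, "alice", PASSWORD)
    default_ok = client_key(PASSWORD, NEW_REALM, "alice") == entry["key"]
    stored_ok = client_key(PASSWORD, NEW_REALM, "alice", entry["salt"]) == entry["key"]
    return default_ok, stored_ok


if __name__ == "__main__":
    print(rename_demo())
```
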