add section about changing enctypes

diff --git a/doc/kerberized-server.mdwn b/doc/kerberized-server.mdwn
index df5274e7cc6aaa303510714702a0c33cdec4014b..bb36f93446d14633f08df7a96fd0b0119546a8ba 100644 (file)
--- a/doc/kerberized-server.mdwn
+++ b/doc/kerberized-server.mdwn
@@ -35,3 +35,24 @@ matches; that is to say, an Athena user whose username matches a local
 username can log in to that local account.  (One option to avoid this is
 to create a `.k5login` file in `/etc/skel` so that new accounts you
 later add get this file by default.)
+
+## Upgrading cryptographic strength
+
+You may wish to change the encryption algorithms (*enctypes*) included in your keytab. With server principals (like `daemon/servername.mit.edu` or `host/servername.mit.edu`) it is particularly important to support *only* strong algorithms. If you support a weak algorithm, an attacker can request a service ticket encrypted with that key, allowing them to do an offline attack and potentially extract your secret key.
+
+To change the supported enctypes, run `kadmin`:
+
+    kadmin -p daemon/kronborg.mit.edu  -k -t daemon.kronborg.keytab
+
+Then, create new keys:
+
+    ktadd -k daemon.kronborg.keytab -e aes256-cts:normal -e aes128-cts:normal daemon/kronborg.mit.edu
+
+After all tickets currently issued against your service expire (which will happen after at most one day), you should remove the old keys from your keytab:
+
+    ktremove -k daemon.kronborg.keytab daemon/kronborg.mit.edu old
+
+Before exiting, you may wish to verify in a separate terminal that the correct updated key has been written to the keytab:
+
+    kinit -k -t daemon.kronborg.keytab daemon/kronborg.mit.edu
+    kvno daemon/kronborg.mit.edu@ATHENA.MIT.EDU