Announcements
April is Volunteer Appreciation Month! We want to thank all of our
volunteers for all the hard work they do! Join us in celebrating!
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer II

Kerberos account passwords

A colleague put the question to me today - how frequently (if ever) ought we to change the passwords for the kerberos TGT (ticket-granting ticket) account? We have a fair-sized AD domain so it's not a trivial matter. Microsoft provides PowerShell scripts to minimise the risk of it breaking anything and the account password is never divulged to any human but that security measure does mean that if the process doesn't go to plan and authentication breaks, we're toast. Some advice is to change it from time to time, other is to leave well alone.

Any comments/experiences/wisdom anyone would care to share? Thanks.