If you need to replace existing Kerberos keys with new keys, for example, when site security policy requires periodic key updates, you can overwrite the existing keys during installation.
- Install new keys for the first KDC as shown in Initial Installation of Kerberos Keys for the First KDC.
- The installation overwrites all key sets in the file for all nodes to which you distribute the keys.
If you have new keys for additional KDCs, install the remaining key sets as shown in Installing Kerberos Keys for Additional KDCs (Merging Keys) to merge the additional key sets with the first replacement set installed in step 1.