If the master key of a realm in eDirectory is corrupted, you can reset it using kdb5_util. Ensure that the master key is reset with the same master password and key type, which was provided while creating the realm. Else, all the principals in the realm will be unusable.
If you change the master key of a realm, then the existing principals will not be able to access any Kerberos services in the network, as their secret keys were encrypted with the old master key. If you want to reset the master key, you have to delete and reset the keys for all the principals in the realm.
You can reset the master key as follows:
kdb5_util [-D user_dn [-w passwd]] [-h ldap_server]
[-p ldap_port] [-t trusted_cert]
setmasterkey [-k mkeytype] [-m|-P password] [-r realm]
For example:
kdb5_util -D cn=admin,o=org -h ldap-server1.mit.edu -p 636 setmasterkey -r ATHENA.MIT.EDU
Table 36. setmasterkey Parameter Description