Are there any timing considerations when purging the old master key(s)? I experienced some problems after following the documented procedure (kadmind/kpropd not working, tickets not being issued) which I think might have been due running the ‘purge_mkeys' before the updated principals were propagated to the slaves after running the ‘update_princ_encryption’.
I had to restart kadmind, krb5kdc, and kpropd to get things working again. Also, after running ‘kdb5_util stash’ on the slave, the old key is preserved in the stash file, but on the master ‘kdb5_util add_mkey -s’ clobbers the old key.
smime.p7s
Description: S/MIME cryptographic signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos