Robert Banz wrote:
> 
> Wouldn't a better key-update-transition plan be:
> 
> * create a new key
> * stash it in the KeyFile in the next kvno slot
> * wait until the servers pick it up
> * update the afs key on the kdc to match the new value (make sure it
> matches the kvno that you used before)
> * profit.
> 
> From what I understand -- and please correct me if I'm wrong -- all of
> the various key versions in the key file should be valid(?) for
> transacting with AFS -- so in order to go service-outage-less, you need
> to make sure the new key is available to all of the servers before you go
> and make that the current AFS service key on the KDC?
> 
> Once your "longest" key expiration time is reached for your cell, you
> could safely remove the old key version from the KeyFile...
> 
> -rob

What is required is functionality in the KDC that says "generate a new
key for service X but don't use it yet".

Then you could distribute the key to your servers and after they were
all updated, you could activate the use of the new key.

Jeffrey Altman
Secure Endpoints Inc.
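The ordering argument in the two messages above, as an added illustrative model (this is not code from the thread, from OpenAFS, or from any KDC; it runs stand-alone). It assumes the one property both posters rely on: a file server accepts a service ticket if the kvno the KDC encrypted it under is present in that server's KeyFile, and every version in the KeyFile is equally valid. The KDC class includes a "stage a key without issuing under it" step, which is the functionality Jeffrey says is needed and which real KDCs of the time lacked. The server names, the 25-hour maximum ticket lifetime, and the random 8-byte placeholder keys are all made up for the example.

```python
"""Toy model of an afs/<cell> key rollover: distribute-then-activate vs. activate-first.

Constructed example. Keys are random 8-byte placeholders, not real DES keys;
nothing here talks to a KDC or a bos server.
"""
import os
from dataclasses import dataclass, field

MAX_TICKET_LIFETIME_H = 25.0   # assumed longest service-ticket lifetime in the cell (hours)


@dataclass
class KDC:
    """Knows every afs key version but issues tickets under `active` only."""
    keys: dict = field(default_factory=dict)         # kvno -> key bytes in use
    staged: dict = field(default_factory=dict)       # generated, not yet used (hypothetical feature)
    active: int = 0
    last_issued: dict = field(default_factory=dict)  # kvno -> time (h) of last ticket issued

    def stage_new_key(self):
        """Generate the next kvno without issuing tickets under it."""
        kvno = max([*self.keys, *self.staged]) + 1
        self.staged[kvno] = os.urandom(8)            # placeholder key material
        return kvno, self.staged[kvno]

    def activate(self, kvno):
        """Make a staged kvno the one new service tickets are encrypted under."""
        self.keys[kvno] = self.staged.pop(kvno)
        self.active = kvno

    def issue_ticket(self, now):
        self.last_issued[self.active] = now
        return self.active, self.keys[self.active]

    def safe_to_remove(self, kvno, now):
        """An old kvno can leave the KeyFile once no ticket under it can still be valid."""
        if kvno == self.active:
            return False
        last = self.last_issued.get(kvno)
        return last is None or now >= last + MAX_TICKET_LIFETIME_H


@dataclass
class FileServer:
    name: str
    keyfile: dict                                    # kvno -> key, like the KeyFile slots

    def add_key(self, kvno, key):
        self.keyfile[kvno] = key

    def accepts(self, ticket):
        kvno, key = ticket
        return self.keyfile.get(kvno) == key         # any kvno in the KeyFile is valid


def check_all(kdc, servers, now):
    """Issue one ticket and return the names of servers that reject it."""
    ticket = kdc.issue_ticket(now)
    return [s.name for s in servers if not s.accepts(ticket)]


def rollover(distribute_first, now=0.0):
    """Run a kvno 1 -> 2 rollover; return (kdc, servers, list of rejections seen)."""
    k0 = os.urandom(8)
    kdc = KDC(keys={1: k0}, active=1)
    servers = [FileServer(n, {1: k0}) for n in ("fs1", "fs2", "fs3")]  # made-up names
    failures = []
    kvno, key = kdc.stage_new_key()
    if not distribute_first:
        kdc.activate(kvno)                           # KDC switches before servers have the key
        failures += check_all(kdc, servers, now)
    for s in servers:
        s.add_key(kvno, key)                         # "stash it in the next kvno slot"
        failures += check_all(kdc, servers, now)
    if distribute_first:
        kdc.activate(kvno)                           # only now does the KDC use the new key
        failures += check_all(kdc, servers, now)
    return kdc, servers, failures


if __name__ == "__main__":
    _, _, bad = rollover(distribute_first=False)
    print("activate first:   rejections =", bad)
    kdc, _, ok = rollover(distribute_first=True)
    print("distribute first: rejections =", ok)
    print("remove kvno 1 at t=1h?  ", kdc.safe_to_remove(1, 1.0))
    print("remove kvno 1 at t=25h? ", kdc.safe_to_remove(1, 25.0))
```

Running it shows the outage window concretely: activating on the KDC first makes every server that has not yet received kvno 2 reject tickets until its KeyFile is updated, while distributing first produces no rejections at all. `safe_to_remove` encodes the last step of Rob's plan: the old slot stays in the KeyFile until the longest ticket that could have been issued under it has expired.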
