What is required is functionality in the KDC that says "generate a new
key for service X but don't use it yet".
Then you could distribute the key to your servers and after they were
all updated, you could activate the use of the new key.
That functionality could be simulated with a <blah> script generating
a sufficiently large random string to use as the "password".
-rob
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
