On Mar 17, 2007, at 08:48, Jeffrey Altman wrote:

Sergio Gelato wrote:
* Russ Allbery [2007-03-16 15:11:20 -0700]:
Jeff is talking about additional functionality that several of us would
like to add to the Kerberos KDC that lets you create a new key (and hence
a keytab and hence pre-populate the KeyFile) without having the KDC
immediately start using it for service tickets.

Out of curiosity, is AFS the only intended application for this?
It seems to me that the day AFS will finally use standard Kerberos 5
keytabs and per-server principals the problem will be much milder.
Granted, one may not want to wait that long.

The desired key rollover and rollback functionality is not specific to
AFS.

It makes sense. The capability to have previous kvnos hanging out in the KDC's database is there, so all we really need is a flag to say which one is active (and an API to manipulate it).

-rob
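
A toy model of the staged key rollover and rollback discussed in this thread, added here as an illustration; it is not code from any poster, from OpenAFS or from a Kerberos implementation. `ToyKDC`, `ToyServer`, `stage_key` and `set_active` are hypothetical names, and an HMAC tag stands in for ticket encryption.

```python
import hashlib, hmac, os

class ToyKDC:
    """Hypothetical KDC: keeps every kvno, plus a marker for the active one."""
    def __init__(self):
        self.keys, self.active = {}, None  # kvno -> key; kvno used for new tickets

    def stage_key(self):
        # Create the next kvno but keep issuing tickets under the current one.
        kvno = max(self.keys, default=0) + 1
        self.keys[kvno] = os.urandom(32)
        if self.active is None:
            self.active = kvno
        return kvno, self.keys[kvno]

    def set_active(self, kvno):
        # The "flag" operation: works for rollover and for rollback.
        if kvno not in self.keys:
            raise KeyError(kvno)
        self.active = kvno

    def issue(self, client):
        tag = hmac.new(self.keys[self.active], client.encode(), hashlib.sha256).digest()
        return {"kvno": self.active, "client": client, "tag": tag}

class ToyServer:
    def __init__(self):
        self.keytab = {}  # kvno -> key, as distributed to this server

    def accept(self, t):
        key = self.keytab.get(t["kvno"])
        if key is None:
            return False  # ticket uses a kvno this server has not received
        good = hmac.new(key, t["client"].encode(), hashlib.sha256).digest()
        return hmac.compare_digest(good, t["tag"])

def demo():
    kdc, a, b = ToyKDC(), ToyServer(), ToyServer()
    ok = lambda t: (a.accept(t), b.accept(t))
    k1, key1 = kdc.stage_key()
    a.keytab[k1] = b.keytab[k1] = key1
    k2, key2 = kdc.stage_key()
    a.keytab[k2] = key2                      # server b not updated yet
    out = {"staged": ok(kdc.issue("alice"))}  # tickets still use kvno 1
    kdc.set_active(k2)                       # activated before b has the key
    out["premature"] = ok(kdc.issue("alice"))
    kdc.set_active(k1)                       # rollback
    out["rolled_back"] = ok(kdc.issue("alice"))
    b.keytab[k2] = key2                      # distribution finished
    kdc.set_active(k2)                       # rollover
    out["rolled_over"] = ok(kdc.issue("alice"))
    return out
```
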