Sergio Gelato <[EMAIL PROTECTED]> writes: > Out of curiosity, is AFS the only intended application for this? > It seems to me that the day AFS will finally use standard Kerberos 5 > keytabs and per-server principals the problem will be much milder. > Granted, one may not want to wait that long.
No, it applies to any application where the same key is shared on multiple systems. Another example would be a set of systems providing a GSSAPI-authenticated service behind a load-balancer, where the client would use the same service ticket regardless of what backend system it happened to get. Any time that you need a delay between distributing key material and making the new key active, you want this feature. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info