deletion of old keys

Lara Adianto m1r4cle_26 at yahoo.com
Thu Jun 3 22:16:14 EDT 2004


I see...
So, if my understanding is right, KDC doesn't need to
retain old keys unless the keys are its own keys (the
krbtgt's keys) such that it will be able to decrypt
any TGTs issued using its old key.

Back to my question, how does MIT handle this?

Thank you,
lara

--- Sam Hartman <hartmans at mit.edu> wrote:
> >>>>> "Lara" == Lara Adianto <m1r4cle_26 at yahoo.com> writes:
> 
>     Lara> Hi, In section 4.1 of RFC 1510, it is mentioned that "When
>     Lara> an application server's key changes, if the change is
>     Lara> routine, the old key should be retained by the server until
>     Lara> all tickets that had been issued using that key have
>     Lara> expired"
> 
> It means in the keytab, not the KDC database.
> 
> There's not currently a way to delete key data from the kdc if you use
> the option to retain old keys.
> 


=====
------------------------------------------------------------------------------------ 
Life, you see, is never as good nor as bad as one thinks
                                                                        - Guy de Maupassant -
------------------------------------------------------------------------------------
