need project review

Nicolas Williams Nicolas.Williams at
Fri Apr 4 16:00:41 EDT 2008

On Fri, Apr 04, 2008 at 11:20:17AM -0400, Jeffrey Hutzelman wrote:
> I think it is important that storing a new master key version be done 
> safely, such that failure does not result in the old stash file being 
> destroyed, even if it was old format.  Further, it might be argued that 
> attempting to add a new master key to an old-format stash file should 
> result in a keytab containing both the previous key and the newly-added one.
> IMHO there needs to be a tool to convert back to the old stash format. 
> Managing a transition is much harder when you can't back out the change if 
> there is a problem.

IMO we should deprecate stash files altogether.  That should make this
issue go away -- what's the point of having a stash file if nothing will
read it?

More information about the krbdev mailing list