need project review
Nicolas Williams
Nicolas.Williams at sun.com
Fri Apr 4 16:00:41 EDT 2008
On Fri, Apr 04, 2008 at 11:20:17AM -0400, Jeffrey Hutzelman wrote:
> I think it is important that storing a new master key version be done
> safely, such that failure does not result in the old stash file being
> destroyed, even if it was old format. Further, it might be argued that
> attempting to add a new master key to an old-format stash file should
> result in a keytab containing both the previous key and the newly-added one.
>
> IMHO there needs to be a tool to convert back to the old stash format.
> Managing a transition is much harder when you can't back out the change if
> there is a problem.
IMO we should deprecate stash files altogether. That should make this
issue go away -- what's the point of having a stash file if nothing will
read it?
More information about the krbdev mailing list