need project review

Henry B. Hotz hotz at
Sat Apr 5 15:15:23 EDT 2008

On Apr 5, 2008, at 9:15 AM, krbdev-request at wrote:
> Date: Fri, 4 Apr 2008 15:18:57 -0500
> From: Nicolas Williams <Nicolas.Williams at>
> Subject: Re: need project review
> To: Jeffrey Hutzelman <jhutz at>, Will Fiveash
> 	<William.Fiveash at>, 	MIT Kerberos Dev List <krbdev at>
> Message-ID: <20080404201857.GN16998 at Sun.COM>
> Content-Type: text/plain; charset=us-ascii
> On Fri, Apr 04, 2008 at 03:00:41PM -0500, Nicolas Williams wrote:
>> IMO we should deprecate stash files altogether.  That should make  
>> this
>> issue go away -- what's the point of having a stash file if nothing  
>> will
>> read it?
> I should clarify.  I think that the only thing that reads stash files
> should be the tool that migrates them to keytab file entries.  That
> could be built-in to krb5kdc and kadmind, or it could be a standalone
> tool.  Either way the stash file should be read once, migrated, and
> removed or ignored thereafter.

That's OK, but as was said before it's hard to get approval for a  
change if there isn't a tested rollback procedure.  A bit if  
documented thought about how to do that would be a good thing, even if  
it's "restore from a backup".  This change seems low risk and likely  
to fail quickly if it does fail.

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list