need project review

Jeffrey Hutzelman jhutz at
Mon Apr 7 11:28:00 EDT 2008

--On Friday, April 04, 2008 03:18:57 PM -0500 Nicolas Williams 
<Nicolas.Williams at> wrote:

> On Fri, Apr 04, 2008 at 03:00:41PM -0500, Nicolas Williams wrote:
>> IMO we should deprecate stash files altogether.  That should make this
>> issue go away -- what's the point of having a stash file if nothing will
>> read it?
> I should clarify.  I think that the only thing that reads stash files
> should be the tool that migrates them to keytab file entries.  That
> could be built-in to krb5kdc and kadmind, or it could be a standalone
> tool.  Either way the stash file should be read once, migrated, and
> removed or ignored thereafter.

If you do that, then a tool to convert back becomes essential, instead of 
just useful.  It should not ever be the case that merely running a new KDC 
or kadmind results in my stash file or database being automatically 
converted to a format that will not work with the version I was running a 
few minutes ago and might need to revert to.

Personally, I'm very wary of gratuitous automatic conversion.  It would be 
fine to convert to the new format when a feature is used that makes it 
necessary, but doing it just because the new code ran is asking for trouble.

More information about the krbdev mailing list