need project review

Ken Raeburn raeburn at MIT.EDU
Mon Apr 7 15:10:51 EDT 2008

On Apr 7, 2008, at 15:03, Jeffrey Hutzelman wrote:
> It doesn't happen currently, but I gather that one of the purposes of
> moving to keytabs as a storage mechanism is to allow more than one master
> key version to be stored, so that database entries do not all have to be
> reencrypted at once (possibly resulting in a service outage while the
> update occurs).

Yes.  Of course, once this is done, and password changes start  
happening, the old master key is no longer enough to retrieve all of  
the database contents, so downgrading is a non-trivial process.


More information about the krbdev mailing list