need project review
raeburn at MIT.EDU
Mon Apr 7 15:10:51 EDT 2008
On Apr 7, 2008, at 15:03, Jeffrey Hutzelman wrote:
> It doesn't happen currently, but I gather that one of the purposes of
> moving to keytabs as a storage mechanism is to allow more than one
> key version to be stored, so that database entries do not all have to be
> reencrypted at once (possibly resulting in a service outage while the
> update occurs).
Yes. Of course, once this is done, and password changes start
happening, the old master key is no longer enough to retrieve all of
the database contents, so downgrading is a non-trivial process.