need project review

Will Fiveash William.Fiveash at sun.com
Mon Apr 7 15:03:17 EDT 2008


On Mon, Apr 07, 2008 at 01:43:29PM -0500, Will Fiveash wrote:
> On Fri, Apr 04, 2008 at 11:20:17AM -0400, Jeffrey Hutzelman wrote:
> 
> > I think it is important that storing a new master key version be done 
> > safely, such that failure does not result in the old stash file being 
> > destroyed, even if it was old format.  Further, it might be argued that 
> > attempting to add a new master key to an old-format stash file should 
> > result in a keytab containing both the previous key and the newly-added 
> > one.
> 
> How about I modify the design to create a temp masterkey keytab and then
> move it to its standard filename?

Actually, it's probably easier to move/rename the current stash file to
a backup, then create the masterkey keytab using the standard stash file
name and if that succeeds, unlink the stash backup.  If the keytab
create fails, the backup stash file is renamed back to its original
filename.

-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/
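
The backup, create, then unlink-or-restore order described in the message above, as an added C sketch that is not code from the thread or from the krb5 sources. The names `replace_stash`, `stash_writer`, `demo_writer` and `demo`, the `.bak` suffix and the `/tmp` path are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical callback that creates the new file at path; 0 on success. */
typedef int (*stash_writer)(const char *path, void *ctx);

/* Expects an existing stash. 0 = replaced; -1 = failed, old stash is at its
 * standard name; -2 = failed and the old stash is still at "<stash>.bak". */
int replace_stash(const char *stash, stash_writer write_new, void *ctx)
{
    char bak[4096];
    if (snprintf(bak, sizeof bak, "%s.bak", stash) >= (int)sizeof bak)
        return -1;
    if (rename(stash, bak) != 0)
        return -1;              /* old stash was never touched */
    if (write_new(stash, ctx) == 0) {
        unlink(bak);            /* new file is complete, drop the backup */
        return 0;
    }
    unlink(stash);              /* discard partial output before restoring */
    return rename(bak, stash) != 0 ? -2 : -1;
}

/* Demo writer: O_EXCL, mode 0600; *ctx != 0 simulates a mid-write error. */
static int demo_writer(const char *path, void *ctx)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    int bad = write(fd, "NEW", 3) != 3 || fsync(fd) != 0 || *(int *)ctx;
    return (close(fd) != 0 || bad) ? -1 : 0;
}

/* Constructed scenario: returns first byte left in the stash, -1 on surprise. */
int demo(int fail)
{
    char path[] = "/tmp/stashXXXXXX", got = 0;
    int fd = mkstemp(path);     /* stands in for the old stash file */
    if (fd < 0 || write(fd, "OLD", 3) != 3 || close(fd) != 0)
        return -1;
    int rc = replace_stash(path, demo_writer, &fail);
    if ((fd = open(path, O_RDONLY)) < 0 || read(fd, &got, 1) != 1)
        return -1;
    close(fd);
    unlink(path);
    return rc == (fail ? -1 : 0) ? got : -1;
}
```

Between the first `rename()` and the end of the write, no complete file exists at the standard name, so the `-2` return tells an operator that the old key material has to be recovered from the `.bak` file by hand.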