need project review

Will Fiveash William.Fiveash at
Mon Apr 7 20:39:22 EDT 2008

On Mon, Apr 07, 2008 at 02:03:17PM -0500, Will Fiveash wrote:
> On Mon, Apr 07, 2008 at 01:43:29PM -0500, Will Fiveash wrote:
> > On Fri, Apr 04, 2008 at 11:20:17AM -0400, Jeffrey Hutzelman wrote:
> > 
> > > I think it is important that storing a new master key version be done 
> > > safely, such that failure does not result in the old stash file being 
> > > destroyed, even if it was old format.  Further, it might be argued that 
> > > attempting to add a new master key to an old-format stash file should 
> > > result in a keytab containing both the previous key and the newly-added 
> > > one.
> > 
> > How about I modify the design to create a temp masterkey keytab and then
> > moving it to it's standard filename?
> Actually, it's probably easier to move/rename the current stash file to
> a backup, then create the masterkey keytab using the standard stash file
> name and if that succeeds, unlink the stash backup.  If the keytab
> create fails, the backup stash file is renamed back to it's original
> filename.

Forget the above, I see that Jeffrey prefers using a temp file name for
the keytab creation which is safer than moving the stash file.

Will Fiveash
Sun Microsystems Inc.

More information about the krbdev mailing list