need project review
Will Fiveash
William.Fiveash at sun.com
Mon Apr 7 20:39:22 EDT 2008
On Mon, Apr 07, 2008 at 02:03:17PM -0500, Will Fiveash wrote:
> On Mon, Apr 07, 2008 at 01:43:29PM -0500, Will Fiveash wrote:
> > On Fri, Apr 04, 2008 at 11:20:17AM -0400, Jeffrey Hutzelman wrote:
> >
> > > I think it is important that storing a new master key version be done
> > > safely, such that failure does not result in the old stash file being
> > > destroyed, even if it was old format. Further, it might be argued that
> > > attempting to add a new master key to an old-format stash file should
> > > result in a keytab containing both the previous key and the newly-added
> > > one.
> >
> > How about I modify the design to create a temp masterkey keytab and then
> > moving it to it's standard filename?
>
> Actually, it's probably easier to move/rename the current stash file to
> a backup, then create the masterkey keytab using the standard stash file
> name and if that succeeds, unlink the stash backup. If the keytab
> create fails, the backup stash file is renamed back to it's original
> filename.
Forget the above, I see that Jeffrey prefers using a temp file name for
the keytab creation which is safer than moving the stash file.
--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/
More information about the krbdev
mailing list