Ticket 5338: Race conditions in key rotation

Jeffrey Altman jaltman at secure-endpoints.com
Tue Jun 24 12:46:31 EDT 2008

Jeffrey Hutzelman wrote:
> The presumption here is that there _is_ a "master" which is "more 
> definitive".  
For MIT Kerberos the introduction of "master_kdc" says exactly that.  
There is in fact
a master and that master is more definitive.  That is how the clients 
already work when
it comes to AS requests.  Our proposal is to extend that behavior to TGS 

If there is no defined master, then there is no master to fallback to.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20080624/03559274/attachment.bin

More information about the krbdev mailing list