Ticket 5338: Race conditions in key rotation
Jeffrey Altman
jaltman at secure-endpoints.com
Tue Jun 24 12:46:31 EDT 2008
Jeffrey Hutzelman wrote:
> The presumption here is that there _is_ a "master" which is "more
> definitive".
For MIT Kerberos the introduction of "master_kdc" says exactly that.
There is in fact
a master and that master is more definitive. That is how the clients
already work when
it comes to AS requests. Our proposal is to extend that behavior to TGS
requests.
If there is no defined master, then there is no master to fallback to.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20080624/03559274/attachment.bin
More information about the krbdev
mailing list