Ticket 5338: Race conditions in key rotation

Nicolas Williams Nicolas.Williams at sun.com
Tue Jun 24 18:33:19 EDT 2008

On Tue, Jun 24, 2008 at 01:56:20PM -0400, Roland Dowdeswell wrote:
> An example of a case which incremental propagation does not not
> mitigate is changing your TGS key if you round robin between KDCs
> in a random order.  If you get kvno 7 from the first slave and then
> present it to another slave which has only kvno 6 then you will
> get a failure.  A lot of environments will use the TGT immediately
> after it is obtained in order to get AFS tokens.  So, your window
> is a few milliseconds.

IMO the correct way to handle this is to first add a new key _disabled_
(the key, not the principal) so that the key is not used when _issuing_
TGTs but it's still available for decrypting TGTs encrypted in that key,
wait for replication, then mark the key enabled and replicate.

This way when the first KDC (the master) starts using the new TGS key
all the other KDCs will have it already and will be able to decrypt the
new TGTs.


More information about the krbdev mailing list