questions regarding master key enctype migration

Ken Raeburn raeburn at MIT.EDU
Tue Mar 11 09:03:44 EDT 2008

Oh, my scheme should probably be checked for race conditions...  For  
example, can we have a key change operation look up the mkvno to use,  
then another process update the database to a new mkvno, re-encrypt  
the keys (small database?), and remove the old master key, before the  
key change operation gets around to storing new newly changed key,  
encrypted in a master key we've just deleted?

Perhaps not in db2, if we lock the database for the whole sequence of  
mkvno lookup through updated key store, but what about in the LDAP  


More information about the krbdev mailing list