questions regarding master key enctype migration
raeburn at MIT.EDU
Tue Mar 11 19:34:23 EDT 2008
On Mar 11, 2008, at 19:09, Tom Yu wrote:
> Why can't this be in the normal keydata entries? We allow for
> multiple kvnos worth of keys in the keydata entries for a principal
> for thing such as TGT key rollover.
Oh, I think maybe I was thinking that all older keys were just in the
history. I guess this would work, as long as we're paranoid about
when old versions can get removed. The conditions under which it's
okay are a bit different than for other keys in the database.
More information about the krbdev