questions regarding master key enctype migration

Ken Raeburn raeburn at MIT.EDU
Tue Mar 11 19:34:23 EDT 2008


On Mar 11, 2008, at 19:09, Tom Yu wrote:
> Why can't this be in the normal keydata entries?  We allow for
> multiple kvnos worth of keys in the keydata entries for a principal
> for things such as TGT key rollover.

Oh, I think maybe I was thinking that all older keys were just in the  
history.  I guess this would work, as long as we're paranoid about  
when old versions can get removed.  The conditions under which it's  
okay are a bit different than for other keys in the database.

Ken


