Requesting review of the Master Key Migration project
Ken Raeburn
raeburn at MIT.EDU
Mon Sep 8 19:36:54 EDT 2008
On Sep 2, 2008, at 20:25, Will Fiveash wrote:
> I've added a page on the MIT Kerberos Consortium wiki for the Master
> Key
> Migration project. The URL to the page is:
> http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
Under "use_mkey <KVNO>", it says, "The kadmind should be stopped/
disabled prior to running this command and enabled after successful
completion."
I'm trying to recall... was there a reason why the change can't be
done while kadmind is running? Perhaps it doesn't automatically pick
up the change, but if we can require just restarting kadmind after the
update, that's a smaller window of unavailability that having to shut
it off while manually running commands to update the database.
purge_mkeys: What is the user prompted for? "Are you sure?" "This is
the set I'm going to kill, okay?" "Kill version 3? Kill version
4? ..."
Ken
More information about the krbdev
mailing list