Requesting review of the Master Key Migration project

Ken Raeburn raeburn at MIT.EDU
Mon Sep 8 19:36:54 EDT 2008

On Sep 2, 2008, at 20:25, Will Fiveash wrote:
> I've added a page on the MIT Kerberos Consortium wiki for the Master  
> Key
> Migration project.  The URL to the page is:

Under "use_mkey <KVNO>", it says, "The kadmind should be stopped/ 
disabled prior to running this command and enabled after successful  

I'm trying to recall... was there a reason why the change can't be  
done while kadmind is running?  Perhaps it doesn't automatically pick  
up the change, but if we can require just restarting kadmind after the  
update, that's a smaller window of unavailability that having to shut  
it off while manually running commands to update the database.

purge_mkeys: What is the user prompted for?  "Are you sure?"  "This is  
the set I'm going to kill, okay?"  "Kill version 3?  Kill version  
4? ..."


More information about the krbdev mailing list