Update to the design of the Master Key Migration project
Jeffrey Hutzelman
jhutz at cmu.edu
Wed Sep 24 18:56:50 EDT 2008
--On Wednesday, September 24, 2008 04:15:14 PM -0500 Nicolas Williams
<Nicolas.Williams at sun.com> wrote:
> On Wed, Sep 24, 2008 at 03:43:33PM -0500, Will Fiveash wrote:
>> On Tue, Sep 23, 2008 at 07:59:55PM -0500, Will Fiveash wrote:
>> > Tom Yu requested that I look into modifying the design for the master
>> > key migration/rollover project to facilitate support for service key
>> > rollover.
>
> Excellent idea! (This addresses one long thread we had a while back
> about just this topic.)
Yes, agreed. It also makes it possible to implement functionality in the
set-passwd draft related to storing new keys separately from taking them
into use.
>> I thought about this some more and have a modification to the definition
>> of the data stored in KRB5_TL_CURKVNO. It should be an array holding a
>> variable number of these structs:
>
> I like that -- it could be used for any principal, not just K/M or
> krbtgt/<realm>@<realm>.
>
>> struct krb5_curkvno {
>>     krb5_kvno curkvno;
>>     krb5_timestamp start_time;
>> };
>
> Why not also end_time, with 0 -> never?
You don't need one. The usage period for each entry is bounded by the
start time of the next later entry, and by the principal and key expiration
times in the KDB entry. I see no need for an additional place to store
this data.
BTW, I really hope no one is proposing defining the terms of database
structures in terms of a C struct.
-- Jeff
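The selection rule stated in the reply (the usage period of each kvno entry runs from its own start time to the start time of the next later entry, further bounded by the key expiration in the KDB entry, so no end_time field is needed), written out as an added example. This is not code from the thread or from MIT krb5: the `curkvno_entry` and `kvno_window` types are hypothetical stand-ins for the proposed KRB5_TL_CURKVNO element, the helper functions and the sample timeline are constructed for illustration, and key expiration is modelled as a single timestamp with 0 meaning "never". It also shows the set-passwd point from the first paragraph: an entry whose start time is still in the future is stored but not yet in use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical stand-in for one element of the proposed KRB5_TL_CURKVNO
 * array; it is not MIT krb5's real type. */
typedef struct {
    uint32_t kvno;        /* key version that comes into use at start_time */
    time_t   start_time;  /* when this kvno becomes current */
} curkvno_entry;

/* Result of a lookup: the current kvno and its usage window [start, end).
 * end == 0 means neither a later entry nor a key expiration bounds it. */
typedef struct {
    uint32_t kvno;
    time_t   start;
    time_t   end;
} kvno_window;

/*
 * Pick the kvno in use at `now`.  The array need not be sorted: take the
 * entry with the latest start_time <= now, and bound its window by the
 * earliest later start_time and by key_expiration (0 = never), which is
 * the rule given in the reply above.  Entries whose start_time is still in
 * the future are stored but not yet in use.
 * Returns 0 on success, -1 if nothing is usable at `now` (no entry has
 * started yet, or the key has already expired).
 */
int select_current_kvno(const curkvno_entry *entries, size_t n,
                        time_t now, time_t key_expiration,
                        kvno_window *out)
{
    const curkvno_entry *cur = NULL;
    time_t next_start = 0;  /* 0 = no later entry found */
    size_t i;

    if (key_expiration != 0 && now >= key_expiration)
        return -1;

    for (i = 0; i < n; i++) {
        if (entries[i].start_time <= now) {
            if (cur == NULL || entries[i].start_time > cur->start_time)
                cur = &entries[i];
        } else if (next_start == 0 || entries[i].start_time < next_start) {
            next_start = entries[i].start_time;
        }
    }
    if (cur == NULL)
        return -1;

    out->kvno  = cur->kvno;
    out->start = cur->start_time;
    out->end   = next_start;
    if (key_expiration != 0 && (out->end == 0 || key_expiration < out->end))
        out->end = key_expiration;
    return 0;
}

/* Constructed sample timeline, deliberately out of order: kvno 3 from
 * t=1000, kvno 4 from t=2000, kvno 5 from t=3000. */
static const curkvno_entry sample_entries[] = {
    { 4, 2000 },
    { 3, 1000 },
    { 5, 3000 },
};
#define SAMPLE_COUNT (sizeof(sample_entries) / sizeof(sample_entries[0]))

/* Current kvno from the sample table at `now`, or -1 if none is usable. */
long sample_kvno(time_t now, time_t key_expiration)
{
    kvno_window w;
    if (select_current_kvno(sample_entries, SAMPLE_COUNT, now,
                            key_expiration, &w) != 0)
        return -1;
    return (long)w.kvno;
}

/* End of the window in use at `now`: 0 if unbounded, -1 if nothing is in use. */
long sample_window_end(time_t now, time_t key_expiration)
{
    kvno_window w;
    if (select_current_kvno(sample_entries, SAMPLE_COUNT, now,
                            key_expiration, &w) != 0)
        return -1;
    return (long)w.end;
}

int main(void)
{
    time_t probes[] = { 500, 1500, 2100, 2600, 3500 };
    size_t i;

    /* Walk the sample timeline with the key expiring at t=2500. */
    for (i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        long k = sample_kvno(probes[i], 2500);
        if (k < 0)
            printf("t=%ld: no usable key\n", (long)probes[i]);
        else
            printf("t=%ld: kvno %ld in use until %ld\n", (long)probes[i], k,
                   sample_window_end(probes[i], 2500));
    }
    return 0;
}
```

The scan is linear rather than a binary search on a sorted array because the thread does not say the array is kept ordered; if an implementation guarantees ascending start_time, the same bounds fall out of the neighbouring element. Note that a future-dated entry (kvno 5 at t=3000) is visible in the table well before it becomes current, which is what lets new keys be stored separately from being taken into use.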