Review of ending February 13, 2009

Russ Allbery rra at
Fri Jan 30 18:32:19 EST 2009

Jeffrey Hutzelman <jhutz at> writes:

> That means, among other things, the ability to generate and store new
> service keys without taking them into use, the ability to begin issuing
> service tickets with a new key while still handling AS requests using
> the old client kvno (or vice versa), and a key management protocol and
> clients that support these operations.

I cannot emphasize enough how much I agree with this paragraph.  All
transition plans are rife with race conditions and deployment problems
today without those capabilities.

Russ Allbery (rra at             <>

More information about the krbdev mailing list