Issues with Active Directory <-> MIT x-realm key replacement
hartmans at MIT.EDU
Wed Dec 8 22:25:51 EST 2010
Your proposed design sounds good to me.
Here are some additional reasons why I think that design will be fine:
1) If you want security at the expense of availability, you do not use
the -keepold option on kpasswd.
2) We plan to implement behavior that allows an administrator to purge
old keys. Once that is done your approach will definitely be fine. I
think even without this it is fine.