Issues with Active Directory <-> MIT x-realm key replacement

Sam Hartman hartmans at MIT.EDU
Wed Dec 8 22:25:51 EST 2010


Your proposed design sounds good to me.

Here are some additional reasons why I think that design will be fine
long-term.
1) If you want security at the expense of availability, you do not use
the -keepold option on kpasswd.

2) We plan to implement behavior that allows an administrator to purge
old keys. Once that is done your approach will definitely be fine. I
think even without this it is fine.

--Sam
