Issues with Active Directory <-> MIT x-realm key replacement

Tom Yu tlyu at MIT.EDU
Thu Dec 9 00:46:47 EST 2010

Sam Hartman <hartmans at MIT.EDU> writes:

> 2) We plan to implement behavior that allows an administrator to purge
> old keys. Once that is done your approach wil definitely be fine.  I
> think even without this it is fine.

Manual purging of old keys (when there are multiple kvnos for a
principal) is already implemented in the upcoming 1.9 release.

More information about the krbdev mailing list