Issues with Active Directory <-> MIT x-realm key replacement
tlyu at MIT.EDU
Thu Dec 9 00:46:47 EST 2010
Sam Hartman <hartmans at MIT.EDU> writes:
> 2) We plan to implement behavior that allows an administrator to purge
> old keys. Once that is done your approach wil definitely be fine. I
> think even without this it is fine.
Manual purging of old keys (when there are multiple kvnos for a
principal) is already implemented in the upcoming 1.9 release.
More information about the krbdev