The destructive re-keying problem
Greg Hudson
ghudson at MIT.EDU
Fri Mar 7 15:45:45 EST 2014
We've been asked to take a look into automatically invalidating cached
service tickets after a server is destructively re-keyed (e.g. if the
server is completely re-provisioned and does not retain its old keytab).
I did an initial writeup here:
http://k5wiki.kerberos.org/wiki/Projects/Graceful_recovery_after_destructive_service_rekey
Additional ideas are welcome if people have them.