The destructive re-keying problem
ghudson at MIT.EDU
Fri Mar 7 15:45:45 EST 2014
We've been asked to take a look into automatically invalidating cached
service tickets after a server is destructively re-keyed (e.g. if the
server is completely re-provisioned and does not retain its old keytab).
I did an initial writeup here:
Additional ideas are welcome if people have them.
More information about the krbdev