The destructive re-keying problem

Greg Hudson ghudson at MIT.EDU
Fri Mar 7 15:45:45 EST 2014

We've been asked to take a look into automatically invalidating cached
service tickets after a server is destructively re-keyed (e.g. if the
server is completely re-provisioned and does not retain its old keytab).
I did an initial writeup here:

Additional ideas are welcome if people have them.

More information about the krbdev mailing list