[1459] in Kerberos
changing the krbtgt. key
daemon@ATHENA.MIT.EDU (Mike Accetta)
Mon Jul 22 18:44:56 1991
Date: 22 Jul 91 21:44:46 GMT
From: mja+@cs.cmu.edu (Mike Accetta)
Reply-To: Mike.Accetta@cs.cmu.edu
To: kerberos@shelby.Stanford.EDU
Is it supposed to be possible in the distributed V4 implementation to
change the key for the krbtgt.<realm> service without invalidating all
active ticket granting tickets in the process? From what I can figure
out, the KDC only records the current key for a service and will not be
able to decrypt TGT's issued with the old key after it has been
changed.
- Mike
