[1463] in Kerberos


Re: changing the krbtgt. key

daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Tue Jul 23 12:45:53 1991

From: jon@MIT.EDU (Jon A. Rochlis)
To: Mike.Accetta@cs.cmu.edu
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of 22 Jul 91 21:44:46 +0000.
Date: Tue, 23 Jul 91 12:07:33 EDT


Your analysis is correct.  Given the current MIT shipped
implementation you lose with existing TGT's if you change the krbtgt
key.  It would be a pretty simple mod to the server to keep around the
old krbtgt and try it upon failure (probably there is a key version
number in the protocol that would let you do better than that).  We
just never implemented it.

		-- Jon
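
Added example, not part of the original message and not MIT Kerberos code: a sketch of the two options mentioned above, retrying with the old krbtgt key on failure versus selecting the key by version number. The class name, the ticket layout and the use of an HMAC tag as a stand-in for ticket encryption are assumptions made so it runs with the Python standard library only; retiring the old key after one maximum ticket lifetime is likewise this example's choice.

```python
import hmac
import hashlib

TAG_LEN = 32  # SHA-256 tag length

def seal(key, kvno, payload):
    """Constructed stand-in for ticket encryption: kvno byte + payload + HMAC tag."""
    body = bytes([kvno]) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, ticket):
    """Return the payload if the tag verifies under `key`, else None."""
    body, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
    good = hmac.new(key, body, hashlib.sha256).digest()
    return body[1:] if hmac.compare_digest(tag, good) else None

class KrbtgtKeyring:
    """Hypothetical KDC-side store of current and previous krbtgt keys."""

    def __init__(self, max_ticket_life):
        self.max_life = max_ticket_life   # seconds a TGT can stay valid
        self.keys = {}                    # kvno -> (key, retired_at or None)
        self.current = 0

    def rotate(self, new_key, now):
        # Keep the outgoing key, but record when it stopped issuing tickets.
        if self.current in self.keys:
            self.keys[self.current] = (self.keys[self.current][0], now)
        self.current += 1
        self.keys[self.current] = (new_key, None)

    def issue(self, payload):
        return seal(self.keys[self.current][0], self.current, payload)

    def _live(self, now):
        # An old key is only needed while tickets issued under it can be valid.
        return {k: key for k, (key, retired) in self.keys.items()
                if retired is None or now - retired <= self.max_life}

    def open_by_kvno(self, ticket, now):
        # Option 2: the version number names the key, so exactly one is tried.
        key = self._live(now).get(ticket[0])
        return unseal(key, ticket) if key else None

    def open_with_fallback(self, ticket, now):
        # Option 1: try the newest key first, then older ones on failure.
        live = self._live(now)
        for kvno in sorted(live, reverse=True):
            payload = unseal(live[kvno], ticket)
            if payload is not None:
                return payload
        return None
```
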
