[4476] in Kerberos
Key Management
daemon@ATHENA.MIT.EDU (Pat Meehan )
Tue Jan 10 15:53:43 1995
To: kerberos@MIT.EDU
Date: 10 Jan 1995 19:09:39 GMT
From: alf@minnie.nic.kingston.ibm.com ( Pat Meehan )
Reply-To: alf@minnie.kgn.ibm.com
Question: In DCE, their use of Kerberos allows the ability to change
a server's key in the key file by generating a new key, incrementing the
key version number and storing the new values in the key file WITHOUT
necessarily removing the previous version(s) of the key. Leaving the
previous versions in the key file allows existing, unexpired tickets
cached by the clients to continue to be used (until they expire). They also
provide the ability for revocation of existing tickets by removing the
previous keys from the file. Is this same ability in MIT K5?
Thanks -- Pat
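
The key rollover scheme described in the question above, as an added example that is not part of the original post and is not DCE or MIT code. It is a toy model: `KeyTable`, `issue_ticket`, `accept_ticket` and `demo` are hypothetical names, an HMAC stands in for real ticket encryption, and the issuer and the server read the same table for brevity.

```python
import hashlib
import hmac
import os

class KeyTable:
    """Toy server key file: several key versions kept side by side."""
    def __init__(self):
        self.keys = {}      # kvno -> key bytes
        self.current = 0    # highest kvno issued so far

    def rotate(self):
        """Generate a new key under the next kvno; older versions stay."""
        self.current += 1
        self.keys[self.current] = os.urandom(32)
        return self.current

    def purge_older_than(self, kvno):
        """Revocation: drop every key version below kvno."""
        for old in [k for k in self.keys if k < kvno]:
            del self.keys[old]

def issue_ticket(table, client, lifetime, now):
    """Issuer side: seal a ticket under the current key and record its kvno."""
    kvno = table.current
    body = f"{client}|{now + lifetime}".encode()
    tag = hmac.new(table.keys[kvno], body, hashlib.sha256).digest()  # stand-in seal
    return {"kvno": kvno, "body": body, "tag": tag}

def accept_ticket(table, ticket, now):
    """Server side: select the key by the ticket's kvno, then check seal and expiry."""
    key = table.keys.get(ticket["kvno"])
    if key is None:
        return "rejected: key version not in key file"
    expected = hmac.new(key, ticket["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return "rejected: bad seal"
    if now >= int(ticket["body"].decode().rsplit("|", 1)[1]):
        return "rejected: expired"
    return "accepted"

def demo():
    """Constructed scenario: rotate once, then purge the old key version."""
    table = KeyTable()
    table.rotate()                                   # kvno 1
    old = issue_ticket(table, "alice", 600, now=0)   # sealed under kvno 1
    table.rotate()                                   # kvno 2, kvno 1 retained
    new = issue_ticket(table, "bob", 600, now=100)
    before = [accept_ticket(table, old, 200), accept_ticket(table, new, 200),
              accept_ticket(table, old, 700)]
    table.purge_older_than(table.current)            # remove kvno 1
    return before + [accept_ticket(table, old, 300), accept_ticket(table, new, 300)]
```
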