[16538] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Issues with Active Directory <-> MIT x-realm key replacement

daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Dec 9 00:46:53 2010

To: Sam Hartman <hartmans@mit.edu>
From: Tom Yu <tlyu@mit.edu>
Date: Thu, 09 Dec 2010 00:46:47 -0500
In-Reply-To: <tslk4jjhbk0.fsf@carter-zimmerman.suchdamage.org> (Sam Hartman's
	message of "Wed, 08 Dec 2010 22:25:51 -0500")
Message-ID: <ldv39q78pmg.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: jaltman@secure-endpoints.com, "'krbdev@mit.edu'" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Sam Hartman <hartmans@MIT.EDU> writes:

> 2) We plan to implement behavior that allows an administrator to purge
> old keys. Once that is done your approach wil definitely be fine.  I
> think even without this it is fine.

Manual purging of old keys (when there are multiple kvnos for a
principal) is already implemented in the upcoming 1.9 release.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[16538] in Kerberos_V5_Development

Re: Issues with Active Directory <-> MIT x-realm key replacement

daemon@ATHENA.MIT.EDU (Tom Yu)Thu Dec 9 00:46:53 2010

daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Dec 9 00:46:53 2010