[162] in Kerberos
On the backup of kerberos.
jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:36:15 1987
From jis@BITSY.MIT.EDU Sun Feb 1 20:18:44 1987
Date: Sun, 1 Feb 87 20:17:56 EST
From: Jeffrey I. Schiller <jis@BITSY.MIT.EDU>
To: Saltzer@ATHENA.MIT.EDU
Cc: kerberos@athena.mit.edu
In-Reply-To: Jerome H. Saltzer's message of Sun, 1 Feb 87 19:40:12 EST <8702020040.AA18909@HERACLES>
Subject: On the backup of kerberos.
The current scheme uses three backup tapes that are rotated through.
A tape gets written each night with three snapshots of the kerberos
database, one from each of the previous three nights.
This scheme has the advantage that only three tapes ever have confidential
data on them to worry about. The disadvantage is that we only save information
for the previous five days (the oldest data being from the oldest file
on the oldest tape). This also makes it unnecessary to deguass any
tapes just because the kerberos master key was changed.
As it turns out we have already had one tape fail, and that tape is
now waiting for me to take it to W91 for deguassing.
-Jeff
