[2733] in testers
Question on krb5 in environment....
daemon@ATHENA.MIT.EDU (epeisach@MIT.EDU)
Thu Dec 29 20:45:36 1994
From: epeisach@MIT.EDU
Date: Thu, 29 Dec 1994 20:45:17 -0500
To: testers@MIT.EDU
Here is a gotcha that was probably not considered.... If you change your
password - the server kerberos.mit.edu will have the new v4 password,
but the primary for v5 kerberos-2 will have the old one.... (until the
next morning propogation).
This would imply that getting these v5 tickets as an attempt to
eventually move to having clients/servers that rely on them will have to
wait until the two run on the same server and share a database.... I
would hate to have a client application die because someone changed
their password and was no longer getting v5 tickets on the kinit....
So, the end result, which consulting would probably have to be made
aware of is that if you change your password, you will probably get an
error if you login later in the same day...
Am I missing something obvious here?
Ezra
