[OpenAFS] Server encryption keys

Robert Banz banz@umbc.edu
Fri, 16 Mar 2007 15:55:47 -0400

> What is required is functionality in the KDC that says "generate a new
> key for service X but don't use it yet".
> Then you could distribute the key to your servers and after they were
> all updated, you could activate the use of the new key.

That functionality could be simulated with a <blah> script generating  
a sufficiently large random string to use as the "password".