[OpenAFS] Re: "ktadd -k <anywhere> afs/xyz@REALM" breaks AFS instantly?

Russ Allbery rra@stanford.edu
Tue, 14 Feb 2006 12:05:45 -0800

Juha J=E4ykk=E4 <juhaj@iki.fi> writes:

> Upserver/-client is wonderful, but it (of course!) suffers from chicken
> and egg problem: you need to distribute the KeyFile at least once
> without it since it cannot distribute the KeyFile without a
> KeyFile. From your comment I gather this is *not* true for KeyFile
> updates. Correct? (Very nice indeed, if this is so.)

Correct -- as long as you don't delete the old key right away,
upserver/upclient can distribute KeyFile changes.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>