>
> What is required is functionality in the KDC that says "generate a new
> key for service X but don't use it yet".
>
> Then you could distribute the key to your servers and after they were
> all updated, you could activate the use of the new key.
>

That functionality could be simulated with a <blah> script generating a
sufficiently large random string to use as the "password".

-rob