[OpenAFS] Server encryption keys

Sergio Gelato Sergio.Gelato@astro.su.se
Sat, 17 Mar 2007 11:09:45 +0100


* Russ Allbery [2007-03-16 15:11:20 -0700]:
> Jeff is talking about additional functionality that several of us would
> like to add to the Kerberos KDC that lets you create a new key (and hence
> a keytab and hence pre-populate the KeyFile) without having the KDC
> immediately start using it for service tickets.

Out of curiosity, is AFS the only intended application for this?
It seems to me that the day AFS will finally use standard Kerberos 5
keytabs and per-server principals the problem will be much milder.
Granted, one may not want to wait that long.