[OpenAFS] Server encryption keys
Russ Allbery
rra@stanford.edu
Sat, 17 Mar 2007 13:32:17 -0700
Sergio Gelato <Sergio.Gelato@astro.su.se> writes:

> Out of curiosity, is AFS the only intended application for this?
> It seems to me that the day AFS will finally use standard Kerberos 5
> keytabs and per-server principals the problem will be much milder.
> Granted, one may not want to wait that long.

No, it applies to any application where the same key is shared on multiple
systems. Another example would be a set of systems providing a
GSSAPI-authenticated service behind a load-balancer, where the client
would use the same service ticket regardless of what backend system it
happened to get.

Any time that you need a delay between distributing key material and
making the new key active, you want this feature.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>