[OpenAFS] AES Support ?
John Hascall
john@iastate.edu
Thu, 27 Sep 2007 15:05:01 CDT
> On Thu, 27 Sep 2007, John Hascall wrote:
> > By "not yet completed" I meant started. If I'm understanding
> > the process as it was outlined many messages ago it was:
> > 1) create afs-k5 or (or is it k5-afs?) key
> > 2) upgrade all your servers
> > 3) upgrade all your clients
> > 4) remove the old afs key
> actually, i think i'd upgrade the servers, then add the key, then upgrade
> the clients, then remove the old keyS
Well, if that's doable, it would be a big win. Thanks.
> for experimental deployment i'd use a 3rd key that clients needed to know
> about to use.
I can see how doing the servers first, then the key,
basically switches the whole cell to the method at once.
So, I'm not sure I'm following exactly, but I think you are
suggesting this as a way to test before then (which would
be a good thing). You seem to imply that a clients can
somehow be manually instructed to use an arbitrary keyname
(say afs-k5-test) -- is this correct? Then you could create
this key that other clients would not know about, and then
I am assuming you could also configure a test server in your
cell with this key name too?
Thanks,
John