Greg Hudson wrote:
> Is it sufficient for just the master key to be behind a PKCS #11 device, so 
> that the existing database format can be preserved at the cost of letting
> long-term keys pass through KDC application memory?

IMO yes.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Kerberos mailing list 

Reply via email to