>It's not a bad idea to rekey one's services from time to time. It's just >temporarily disruptive if one doesn't go through the steps in the right order >(which for AFS would be to distribute the new key to the AFS servers >*before* the KDC starts issuing tickets with it).
I agree in theory you should get the key to the KeyFile before the KDC starts issuing tickets with that key. But I've rekeyed the AFS fileservers a number of times, and basically it's not a problem. Assuming you're using upclient/upserver, the KeyFile gets distributed rather quickly. It never is a problem in practice. --Ken _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
