I'd make some changes in the docs before incorporating this -- in particular, I think you *do* want to use -keepold and flushkeys for non-TGS principals, so as not to disrupt service for users to whom credentials have recently been issued.

I wonder if there's a better way to automate this for the administrator -- say, adding information in the database saying when the old key expires, and automatically purging expired keys (which we might want to build into the back end?), and when changing the key with -keepold, automatically setting that value to now+maxlife. (Unless another magic flag is given meaning "I haven't yet distributed this key to all the servers in the load-sharing cluster/AFS cell/whatever, so don't use it yet and don't compute the expiration date for the old one yet". For that matter, something to check: Do our current tools store the key in the keytab before the KDC would be able to use the new key, or is there a race condition in that part of the process?)

But that can be added later, and then this protocol option can sit around unused...

We should add a test case for this, as well, preferably when or before integrating.
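As an added illustration (not from the ticket and not krb5 code) of the key-rollover scheme sketched above: old keys kept with -keepold get an expiry of now+maxlife, a "held" flag keeps a freshly set key out of use until the operator says it has reached every server, and a purge step drops keys whose expiry has passed. The `Principal`/`KeyEntry` names, the `held` flag and the `release()` step are assumptions made for the model.

```python
# Toy model of the proposal; names and the "held" flag are assumed, not krb5's.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class KeyEntry:
    kvno: int
    key: bytes
    held: bool = False              # new key not yet pushed to every server
    expires: Optional[int] = None   # absolute time after which it may be purged


@dataclass
class Principal:
    name: str
    maxlife: int                    # longest lifetime of a ticket under a key
    keys: List[KeyEntry] = field(default_factory=list)

    def current(self) -> Optional[KeyEntry]:
        """Key the KDC should issue with: highest kvno that is not held back."""
        usable = [k for k in self.keys if not k.held]
        return max(usable, key=lambda k: k.kvno) if usable else None

    def change_key(self, key: bytes, now: int, keepold: bool = True,
                   held: bool = False) -> int:
        if not keepold:
            self.keys.clear()       # plain cpw: outstanding tickets become undecryptable
        kvno = max((k.kvno for k in self.keys), default=0) + 1
        self.keys.append(KeyEntry(kvno, key, held=held))
        if keepold and not held:    # old keys start their countdown right away
            self._stamp_old(now)
        return kvno

    def release(self, now: int) -> None:
        """Operator confirms the held key is everywhere: use it, start the clock."""
        for k in self.keys:
            k.held = False
        self._stamp_old(now)

    def _stamp_old(self, now: int) -> None:
        if not self.keys:
            return
        newest = max(k.kvno for k in self.keys)
        for k in self.keys:
            if k.kvno != newest and k.expires is None:
                k.expires = now + self.maxlife

    def purge_expired(self, now: int) -> List[int]:
        """Back-end housekeeping: drop keys no live ticket can still need."""
        gone = [k.kvno for k in self.keys if k.expires is not None and k.expires <= now]
        self.keys = [k for k in self.keys if k.kvno not in gone]
        return gone


def demo():
    # Constructed walk-through: maxlife of 10 hours, times in seconds.
    p = Principal("afs/cell@EXAMPLE.ORG", maxlife=10 * 3600)
    p.change_key(b"k1", now=0, keepold=False)
    p.change_key(b"k2", now=100)              # kvno 1 expires at 100 + maxlife
    p.change_key(b"k3", now=200, held=True)   # kvno 3 stored but not yet used
    in_use_while_held = p.current().kvno      # still 2
    p.release(now=300)                        # kvno 3 live; kvno 2 expires at 300 + maxlife
    purged = p.purge_expired(now=100 + 10 * 3600)
    return in_use_while_held, p.current().kvno, purged, sorted(k.kvno for k in p.keys)
```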