Roland Dowdeswell's krb5_admin and krb5_keytab tool suite supports bootstrapping and changing host keys using N-way Diffie-Hellman key exchanges (which includes support for race-free clustered host key updates).

Bootstrapping keys requires a locally-defined (site-specific) process for verifying host identity. That process can range from as simple as "any host gets to bootstrap keys for any host-based principal for which there are no keys yet and which exists in DNS", through "confirm host identity via service processors automatically" (e.g., if you have a datacenter with a gatewayed service processor network, so you can trust that if you can reach a service processor you are talking to a racked server, then you leverage datacenter physical access policies), to "a sysadmin must manually confirm the host identity".

A key is bootstrapped before the host identification process, using a principal name derived from the N-way DH exchange, so, for example, if you can get console access via a gatewayed service processor then you can use that key to complete the bootstrap process securely.

See:
http://oskt.secure-endpoints.com/
https://github.com/elric1/

Nico

-- 
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
