diff options
Diffstat (limited to 'doc/admin/database.rst')
-rw-r--r-- | doc/admin/database.rst | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/admin/database.rst b/doc/admin/database.rst index 14c145b..2b02af3 100644 --- a/doc/admin/database.rst +++ b/doc/admin/database.rst @@ -535,6 +535,10 @@ availability. To roll over the master key, follow these steps: use unlocked iteration; this variant will take longer, but will keep the database available to the KDC and kadmind while it runs. +#. Wait until the above changes have propagated to all replica KDCs + and until all running KDC and kadmind processes have serviced + requests using updated principal entries. + #. On the master KDC, run ``kdb5_util purge_mkeys`` to clean up the old master key. |