Add warning about kerberos key rotation

Change-Id: I9e4caf8feeb775c02208a5e5f1627f03a90e4211
2020-01-31 16:22:52 -08:00 · 2020-01-31 16:22:52 -08:00 · cfc1841c06
commit cfc1841c06
parent f62a75fae9
2 changed files with 6 additions and 0 deletions
--- a/doc/source/afs.rst
+++ b/doc/source/afs.rst
@ -411,6 +411,9 @@ read-write volumes.
    kadmin: addprinc -randkey service/foo-mirror@OPENSTACK.ORG
    kadmin: ktadd -k /path/to/foo.keytab service/foo-mirror@OPENSTACK.ORG

+  .. warning:: Each time ``ktadd`` is run, the key is rotated and
+               previous keytabs are invalidated.
+
 * Add the service principal's keytab to Ansible secrets.  Copy the
  binary key to ``bridge.openstack.org`` and then use ``hieraedit`` to
  update the files
--- a/doc/source/kerberos.rst
+++ b/doc/source/kerberos.rst
@ -102,6 +102,9 @@ Then save the principal's keytab::

  kadmin: ktadd -k /path/to/$NAME.keytab service/$NAME@OPENSTACK.ORG

+.. warning:: Each time ``ktadd`` is run, the key is rotated and
+             previous keytabs are invalidated.
+
 Resetting A User Principal's Password
 -------------------------------------