sdidiag showing extra keys on some servers
I was running through the sdidiag steps getting ready to implement Universal Password and I've stumbled onto something odd in my sdi.
I've got a dozen servers, and all of them share a common key. Three of my servers each have an extra key that is unique to that server. So key A is on all servers, server #10 has keys A and B, server #11 has keys A and C, and server #12 has keys A and D. None of the keys are revoked; they are all active. All of the keys are 56-bit. The key server only has key A.
Initially I had a few servers missing key A but resyncing has distributed that key out to all of my servers.
All of the TIDs I can find tell you to get all of your keys distributed correctly before revoking and reissuing a new key.
I need to revoke and create a new 168-bit key, but if I revoke and recreate the keys now is it only going to revoke the key that the key server knows about (key A) and still leave the others active?
Can I just add the servers with the extra keys as key servers and resync?