* Quanah Gibson-Mount (quanah@stanford.edu) [040730 01:14]:
We wrote our own utility that downloads the keys over an encrypted
channel to the target system. It validates the calls using the user's
Kerberos principal. It allows for multiple people to be on the ACL for
a keytab, and it allows for multiple groups (which can contain multiple
people) to be on the ACL for a keytab.
this does not solve the bootstrap problem, does it? for that the
key needs to get to the server at install (or configuration)
time.