From cfc1841c06893d06ece9914a333366609cea55c5 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Fri, 31 Jan 2020 16:22:52 -0800
Subject: [PATCH] Add warning about kerberos key rotation

Change-Id: I9e4caf8feeb775c02208a5e5f1627f03a90e4211
---
 doc/source/afs.rst      | 3 +++
 doc/source/kerberos.rst | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/doc/source/afs.rst b/doc/source/afs.rst
index 63bfcf24e7..bdb7bd8288 100644
--- a/doc/source/afs.rst
+++ b/doc/source/afs.rst
@@ -411,6 +411,9 @@ read-write volumes.
     kadmin: addprinc -randkey service/foo-mirror@OPENSTACK.ORG
     kadmin: ktadd -k /path/to/foo.keytab service/foo-mirror@OPENSTACK.ORG
 
+  .. warning:: Each time ``ktadd`` is run, the key is rotated and
+               previous keytabs are invalidated.
+
 * Add the service principal's keytab to Ansible secrets.  Copy the
   binary key to ``bridge.openstack.org`` and then use ``hieraedit`` to
   update the files
diff --git a/doc/source/kerberos.rst b/doc/source/kerberos.rst
index d1d3deebd9..ae3765638a 100644
--- a/doc/source/kerberos.rst
+++ b/doc/source/kerberos.rst
@@ -102,6 +102,9 @@ Then save the principal's keytab::
 
   kadmin: ktadd -k /path/to/$NAME.keytab service/$NAME@OPENSTACK.ORG
 
+.. warning:: Each time ``ktadd`` is run, the key is rotated and
+             previous keytabs are invalidated.
+
 Resetting A User Principal's Password
 -------------------------------------