[1767] in Kerberos
Re: how to delete principal from dbase
daemon@ATHENA.MIT.EDU (Joe Pato)
Tue Feb 25 12:25:36 1992
From: pato@apollo.hp.com (Joe Pato)
Date: Tue, 25 Feb 92 09:38:05 EST
To: berke@shearson.com (Wayne Berke)
Cc: kerberos@Athena.MIT.EDU
In-Reply-To: berke@shearson.com (Wayne Berke), mon, 24 feb 92 16:54:25
It would be real nice to be able to do this in one shot using kdb_edit or
more generally have a library routine that deletes principals so you could
build your own tools. Will this be supplied in K5?
The OSF DCE version of Kerberos V5 includes deletion of principals in the
remote administration interface. This operation, like all remote operations on
the database, is controlled via an ACL on an entry. This allows a site to
choose to enforce a policy that prevents the deletion of principals from the
database simply by denying the "deletion" right to anyone. Other sites that
wish to exercise a policy that allows deletions would establish the ACLs in a
way to allow the appropriate administrators to delete the entries.
The DCE key table (i.e., srvtab) manipulation functions also support deletion.
-- Joe Pato
Cooperative Object Computing Division / East
Hewlett-Packard Company
pato@apollo.hp.com
-------
