[3534] in Kerberos-V5-bugs
[krbdev.mit.edu #1219] mechanism to delete old keys should exist
daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Tue Oct 22 22:47:45 2002
Message-Id: <rt-1219-3190.5.38083898350081@krbdev.mit.edu>
In-Reply-To: <rt-1219@krbdev.mit.edu>
From: "Sam Hartman via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Tue, 22 Oct 2002 22:46:58 -0400 (EDT)
We need a mechanism to delete old keys (especially tgt keys) from the
database. One possible mechanism would be start/expire dates on keys.
Another would be a not-valid-yet bit and a command to delete old keys.
The reason you probably want the not valid yet bit is to deal with the
time between the key is generated and the time when it is available on
all replicated servers (AFS and TGT come to mind)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
