[1508] in Kerberos_V5_Development
kadmin's ktremove behavior
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Tue Aug 6 16:53:09 1996
Date: Tue, 6 Aug 1996 16:52:52 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: krbdev@MIT.EDU

As currently implemented:

    ktremove [-k[eytab] keytab] [-q] principal [kvno|"all"|"old"]

If you specify a kvno, only the principal's entry matching that kvno
is removed. If you specify all, all of a principal's entries are
removed. If you specify old, all but the highest kvno entry for the
principal is removed. ***If you do not specify a kvno, all, or old,
the entry with the highest kvno for the principal is removed.***

I originally selected that last behavior because it was logically
distinct from the other three options. However, I no longer think it
makes sense because I cannot think of a situation in which someone
would use it. Removing the highest kvno entry leaves the keytab in a
state that is guaranteed to be inconsistent with the KDC.

I suggest one of two alternatives:

  o The default behavior is to remove the lowest, not highest, kvno
    entry for the principal.

  o There is no default, and one of a kvno, "all", or "old" must be
    specified.

Comments?

Barry
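
The selection rules in the message above, modelled as an added example (not kadmin code and not part of the original post) to show which entries each form removes and whether the keytab still holds the key version the KDC is using. The sample entries, the KDC_KVNO value, the function names and the "default" switch (current behaviour plus the two proposed alternatives) are all assumptions made for illustration.

```python
HOST = "host/a.example.com@EXAMPLE.COM"
NFS = "nfs/a.example.com@EXAMPLE.COM"
# Constructed sample keytab: (principal, kvno) pairs.
KEYTAB = [(HOST, 3), (HOST, 4), (HOST, 5), (NFS, 2)]
KDC_KVNO = 5  # assumption: the KDC's current key version for HOST


def kvnos_to_remove(entries, principal, spec=None, default="highest"):
    """Return the kvnos that would be removed for `principal`.

    spec    -- a kvno, "all", "old", or None when no argument is given.
    default -- hypothetical switch for the no-argument case: "highest"
               (current behaviour), "lowest" or "required" (the proposals).
    """
    kvnos = sorted({k for p, k in entries if p == principal})
    if not kvnos:
        return []
    if spec == "all":
        return kvnos
    if spec == "old":
        return kvnos[:-1]          # everything except the highest kvno
    if spec is not None:
        return [int(spec)] if int(spec) in kvnos else []
    if default == "required":
        raise ValueError('one of a kvno, "all", or "old" must be specified')
    return [kvnos[-1]] if default == "highest" else [kvnos[0]]


def ktremove(entries, principal, spec=None, default="highest"):
    """Return a new entry list with the selected entries removed."""
    doomed = set(kvnos_to_remove(entries, principal, spec, default))
    return [(p, k) for p, k in entries if not (p == principal and k in doomed)]


def holds_current_key(entries, principal, kdc_kvno):
    """True if the keytab still has the key version the KDC issues tickets under."""
    return (principal, kdc_kvno) in entries


if __name__ == "__main__":
    for mode in ("highest", "lowest"):
        after = ktremove(KEYTAB, HOST, default=mode)
        left = [k for p, k in after if p == HOST]
        print(mode, left, "current key kept:",
              holds_current_key(after, HOST, KDC_KVNO))
```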