[16346] in Kerberos_V5_Development


Re: Removing old keys

daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Sep 20 16:11:38 2010

To: Greg Hudson <ghudson@mit.edu>
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 20 Sep 2010 16:11:30 -0400
In-Reply-To: <1285012205.20521.8.camel@ray> (Greg Hudson's message of "Mon,
	20 Sep 2010 15:50:05 -0400")
Message-ID: <ldvsk14maz1.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: Jonathan Reams <jr3074@columbia.edu>, "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Greg Hudson <ghudson@MIT.EDU> writes:

> On Mon, 2010-09-20 at 15:31 -0400, Jonathan Reams wrote:

>> Is there a mechanism for pruning old keys in the same way that
>> kdb5_util lets you purge old master keys that are no longer being
>> used?

> To the best of my understanding, there is not, short of dumpfile
> editing.  This is a long-standing shortcoming in the kadmin system,
> which we simply haven't gotten around to correcting.

What would people prefer in terms of an interface for this capability?

* delete all old kvnos
* delete one specific kvno
* something else

We would probably implement this as a new kadmin RPC.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
