[16349] in Kerberos_V5_Development
Re: Removing old keys
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Sep 20 16:48:37 2010
From: Russ Allbery <rra@stanford.edu>
To: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <1285014776.20521.14.camel@ray> (Greg Hudson's message of "Mon,
20 Sep 2010 16:32:56 -0400")
Date: Mon, 20 Sep 2010 13:48:31 -0700
Message-ID: <87d3s8gmzk.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>, Tom Yu <tlyu@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Greg Hudson <ghudson@MIT.EDU> writes:
> On Mon, 2010-09-20 at 16:11 -0400, Tom Yu wrote:
>> * delete all old kvnos
>> * delete one specific kvno
>> * something else
> It may also be useful to be able to remove one or more key:salt types
> from an existing kvno. For example, a site which is migrating away from
> DES might want to (at some point in the process) remove all DES keys
> without force-changing all passwords.
Yes, definitely. That's a very nice feature to have.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
