[16351] in Kerberos_V5_Development
Re: Removing old keys
daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Sep 20 18:42:23 2010
To: Nicolas Williams <Nicolas.Williams@oracle.com>
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 20 Sep 2010 18:42:15 -0400
In-Reply-To: <20100920205953.GY7695@oracle.com> (Nicolas Williams's message of
"Mon, 20 Sep 2010 15:59:54 -0500")
Message-ID: <ldvk4mgm3zs.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>, Jonathan Reams <jr3074@columbia.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Nicolas Williams <Nicolas.Williams@oracle.com> writes:
> While an RPC may be useful by itself, I think it what's needed is a
> policy such that sufficiently old keys are deleted on next key change.
>
> The safest policy, ISTM, is delete kvno-3 or kvno-2 on key change. It'd
> be nice too to have a way to flag keys as having been "replicated", as
> may be necessary in cluster situations. (Though clusters also have to
> worry about replay caches, and that's a different topic.)
We have explored some of these possibilities, such as "not valid
before/after" timestamps on each kvno, or "validity" flags on kvnos.
I would consider those alternatives as a longer-term solution in the
evolution of our database abstraction, while the "purge old keys"
capability is something that can be implemented in the short term.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
