[16354] in Kerberos_V5_Development

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Removing old keys

daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Sep 20 19:28:23 2010

From: Russ Allbery <rra@stanford.edu>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
In-Reply-To: <20100920232424.GG7857@oracle.com> (Nicolas Williams's message of
	"Mon, 20 Sep 2010 18:24:25 -0500")
Date: Mon, 20 Sep 2010 16:28:18 -0700
Message-ID: <87lj6wf10t.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>, Jonathan Reams <jr3074@columbia.edu>,
   Tom Yu <tlyu@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Nicolas Williams <Nicolas.Williams@oracle.com> writes:

> Also, the kadmin client could delete old keys from keytabs
> automatically, specifically removing keys whose kvnos are not listed as
> valid by kadmind.

You only want to do that if the maximum ticket lifetime has passed.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home	help	back	first	fref	pref	prev	next	nref	lref	last	post