[1557] in Kerberos
Re: kdb_edit
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Sun Sep 15 20:05:01 1991
Date: Sun, 15 Sep 1991 23:31:44 GMT
From: jik@ATHENA.MIT.EDU (Jonathan I. Kamens)
To: kerberos@shelby.Stanford.EDU
In article <975@tivoli.UUCP>, mukund@tivoli.UUCP (mukund) writes:
|> The V4 kdb_edit that I have does not allow the deletion of
|> records from the Kerberos database. However I notice that the kdb_edit
|> of V5 provides this facility. Was this feature ever added in a patch to
|> the V4 distribution ?
No.
Deleting principals was considered a "dangerous operation," so dangerous (it
was thought) that the only way to do it should be to dump the database, remove
the principals that were to be deleted, and load the new database file. This
relatively difficult process would allegedly prevent principals from being
deleted accidentally.
I guess the people working on V5 decided that it was bone-headed for the
software to be enforcing this policy and making life difficult for admins, so
they added the delete functionality to kdb_edit in V5.
--
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik@Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8085 Home: 617-782-0710
