[krbdev.mit.edu #1219] mechanism to delete old keys should exist

Sam Hartman via RT rt-comment at krbdev.mit.edu
Tue Oct 22 22:46:58 EDT 2002



We need a mechanism to delete old keys (especially tgt keys) from the
database.  One possible mechanism would be start/expire dates on keys.
Another would be a not-valid-yet bit and a command to delete old keys.

The reason you probably want the not-valid-yet bit is to deal with the
time between when the key is generated and when it is available on
all replicated servers (AFS and TGT come to mind).
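
A sketch of the second mechanism described in the message above (a not-valid-yet bit plus a command to delete old keys), added here as an illustration; it is not code from MIT Kerberos or from the ticket's author. The class and function names, the integer clock, and the rule that a key may be purged once it has been superseded for at least the maximum ticket lifetime are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Key:
    kvno: int
    not_valid_yet: bool = True           # set until every replica holds the key
    superseded_at: Optional[int] = None  # time a newer key went live (assumed field)

@dataclass
class Principal:
    name: str
    keys: list = field(default_factory=list)

    def add_key(self):
        # New key versions start out pending: stored, but never used to issue.
        kvno = max((k.kvno for k in self.keys), default=0) + 1
        self.keys.append(Key(kvno))
        return kvno

    def issuing_key(self):
        # Tickets are encrypted with the newest key that is already valid.
        valid = [k for k in self.keys if not k.not_valid_yet]
        return max(valid, key=lambda k: k.kvno) if valid else None

    def activate(self, kvno, now):
        # Clear the bit after propagation; older keys become superseded.
        for k in self.keys:
            if k.kvno == kvno:
                k.not_valid_yet = False
            elif k.kvno < kvno and k.superseded_at is None:
                k.superseded_at = now

    def purge_old_keys(self, now, max_ticket_life):
        # Assumed rule: delete keys no outstanding ticket can still depend on.
        gone = [k.kvno for k in self.keys if k.superseded_at is not None
                and now - k.superseded_at >= max_ticket_life]
        self.keys = [k for k in self.keys if k.kvno not in gone]
        return gone

def demo():
    tgs = Principal("krbtgt/EXAMPLE.COM")          # constructed realm name
    tgs.activate(tgs.add_key(), now=0)
    k2 = tgs.add_key()                             # generated, not yet propagated
    during = tgs.issuing_key().kvno                # replicas lack kvno 2, keep using 1
    tgs.activate(k2, now=300)                      # propagation finished
    after = tgs.issuing_key().kvno
    early = tgs.purge_old_keys(now=600, max_ticket_life=36000)
    late = tgs.purge_old_keys(now=300 + 36000, max_ticket_life=36000)
    return during, after, early, late
```

The pending window is the interval in which `issuing_key()` keeps returning the old version even though the new one already exists in the database.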



