svn rev #22260: branches/krb5-1-7/src/kadmin/dbutil/

[tlyu@MIT.EDU]

http://src.mit.edu/fisheye/changelog/krb5/?cs=22260
Commit By: tlyu
Log Message:
ticket: 6459
version_fixed: 1.7

pull up r22208 from trunk

 ------------------------------------------------------------------------
 r22208 | wfiveash | 2009-04-13 18:15:05 -0400 (Mon, 13 Apr 2009) | 11 lines
 Changed paths:
    M /trunk/src/kadmin/dbutil/kdb5_util.M

 Ticket: 6459
 Subject: Update kdb5_util man page with missing purge_mkeys command
 Version_Reported: 1.7
 Target_Version: 1.7
 Tags: pullup

 While previously updating the kdb5_util command man page to include
 documentation on new subcommands added as a result of the Master Key
 Migration project I missed the purge_mkeys command.  I've added that
 with this commit.


Changed Files:
U   branches/krb5-1-7/src/kadmin/dbutil/kdb5_util.M
Modified: branches/krb5-1-7/src/kadmin/dbutil/kdb5_util.M
===================================================================
--- branches/krb5-1-7/src/kadmin/dbutil/kdb5_util.M	2009-04-15 21:00:24 UTC (rev 22259)
+++ branches/krb5-1-7/src/kadmin/dbutil/kdb5_util.M	2009-04-15 21:00:28 UTC (rev 22260)
@@ -236,6 +236,18 @@
 \fBlist_mkeys\fP
 List all master keys from most recent to earliest in K/M principal. The output will show the KVNO, enctype and salt for each mkey similar to kadmin getprinc output.  A * following an mkey denotes the currently active master key. 
 .TP
+\fBpurge_mkeys\fP [\fB-f\fP] [\fB-n\fP] [\fB-v\fP]
+Delete master keys from the K/M principal that are not used to protect any principals.  This command can be used to remove old master keys from a K/M principal once all principal keys are protected by a newer master key.
+.TP
+.B \-f
+does not prompt user.
+.TP
+.B \-n
+do a dry run, shows master keys that would be purged, does not actually purge any keys.
+.TP
+.B \-v
+verbose output.
+.TP
 \fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP] [\fBprinc\-pattern\fP]
 Update all principal records (or only those matching the
 .B princ\-pattern