deletion of old keys

Lara Adianto m1r4cle_26 at
Thu Jun 3 03:14:04 EDT 2004


In section 4.1 of RFC 1510, it is mentioned that 
"When an application server's key changes, if the
change is routine, the old key should be retained by
the server until all tickets that had been issued
using that key have expired"

Does MIT Kerberos handle deletion of old keys, or does
it let the array that stores the old keys
(krb5_tl_data) grow without limit? If it does handle
the deletion of old keys, when is it done? How does
it know if all the tickets that it has issued have
expired? I've traced the code but so far, I can't
find the part where this is done. So, hopefully
someone can help me to save my time :-)

Thank you,

Life, you see, is never as good or as bad as one thinks
                                                                        - Guy de Maupassant -
