deletion of old keys

Sam Hartman hartmans at MIT.EDU
Thu Jun 3 13:10:58 EDT 2004

>>>>> "Lara" == Lara Adianto <m1r4cle_26 at> writes:

    Lara> Hi, In section 4.1 of RFC 1510, it is mentioned that "When
    Lara> an application server's key changes, if the change is
    Lara> routine, the old key should be retained by the server until
    Lara> all tickets that had been issued using that key have
    Lara> expired"

It means in the keytab, not the KDC database.

There's not currently a way to delete key data from the KDC if you use
the option to retain old keys.
