Update to the design of the Master Key Migration project

Nicolas Williams Nicolas.Williams at sun.com
Thu Sep 25 00:56:00 EDT 2008

On Wed, Sep 24, 2008 at 06:56:50PM -0400, Jeffrey Hutzelman wrote:
> >Why not also end_time, with 0 -> never?
> You don't need one.  The usage period for each entry is bounded by the 
> start time of the next later entry, and by the principal and key expiration 
> times in the KDB entry.  I see no need for an additional place to store 
> this data.

It's useful for the TGS key -- it allows one to expire old-but-valid

I suppose that's not really necessary.

More information about the krbdev mailing list