Update to the design of the Master Key Migration project
Nicolas.Williams at sun.com
Thu Sep 25 00:56:00 EDT 2008
On Wed, Sep 24, 2008 at 06:56:50PM -0400, Jeffrey Hutzelman wrote:
> >Why not also end_time, with 0 -> never?
> You don't need one. The usage period for each entry is bounded by the
> start time of the next later entry, and by the principal and key expiration
> times in the KDB entry. I see no need for an additional place to store
> this data.
It's useful for the TGS key -- it allows one to expire old-but-valid
I suppose that's not really necessary.
More information about the krbdev