Removing old keys
Tom Yu
tlyu at MIT.EDU
Mon Sep 20 16:11:30 EDT 2010
Greg Hudson <ghudson at MIT.EDU> writes:
> On Mon, 2010-09-20 at 15:31 -0400, Jonathan Reams wrote:
>> Is there a mechanism for pruning old keys in the same way that
>> kdb5_util lets you purge old master keys that are no longer being
>> used?
> To the best of my understanding, there is not, short of dumpfile
> editing. This is a long-standing shortcoming in the kadmin system,
> which we simply haven't gotten around to correcting.
What would people prefer in terms of an interface for this capability?
* delete all old kvnos
* delete one specific kvno
* something else
We would probably implement this as a new kadmin RPC.
More information about the krbdev mailing list