Removing old keys
Russ Allbery
rra at stanford.edu
Mon Sep 20 16:18:15 EDT 2010
Tom Yu <tlyu at MIT.EDU> writes:
> What would people prefer in terms of an interface for this capability?
> * delete all old kvnos
> * delete one specific kvno
> * something else
> We would probably implement this as a new kadmin RPC.
The same semantics offered for keytabs by Heimdal ktutil look right to me,
namely all of:
* Remove a specified kvno.
* Purge all old kvnos.
* Purge all old kvnos which are at least as old as an <age> argument.
The last two could of course use a single RPC.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>