Removing old keys

[Russ Allbery]

Greg Hudson <ghudson at MIT.EDU> writes:
> On Mon, 2010-09-20 at 16:11 -0400, Tom Yu wrote:

>> * delete all old kvnos
>> * delete one specific kvno
>> * something else

> It may also be useful to be able to remove one or more key:salt types
> from an existing kvno.  For example, a site which is migrating away from
> DES might want to (at some point in the process) remove all DES keys
> without force-changing all passwords.

Yes, definitely.  That's a very nice feature to have.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>