Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
    by krbdev.mit.edu (8.9.3) with ESMTP id WAA21071;
    Tue, 22 Oct 2002 22:46:54 -0400 (EDT)
Received: from luminous.mit.edu (LUMINOUS.MIT.EDU [18.101.1.61])
    by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id WAA07945 for ;
    Tue, 22 Oct 2002 22:46:53 -0400 (EDT)
Received: by luminous.mit.edu (Postfix, from userid 1000) id CF140766CA;
    Tue, 22 Oct 2002 22:46:52 -0400 (EDT)
To: krb5-bugs@mit.edu
Subject: mechanism to delete old keys should exist
Message-Id: <20021023024652.CF140766CA@luminous.mit.edu>
Date: Tue, 22 Oct 2002 22:46:52 -0400 (EDT)
From: hartmans@MIT.EDU (Sam Hartman)
X-RT-Original-Encoding: iso-8859-1
Content-Length: 408

We need a mechanism to delete old keys (especially tgt keys) from the database. One possible mechanism would be start/expire dates on keys. Another would be a not-valid-yet bit and a command to delete old keys.

The reason you probably want the not-valid-yet bit is to deal with the time between when the key is generated and the time when it is available on all replicated servers (AFS and TGT come to mind).
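
The second proposal in the message (a not-valid-yet bit plus a command to delete old keys), sketched as an added example that is not part of the original message and is not MIT krb5 code. The `key_entry` struct, the function names and the `oldest_to_keep` parameter are hypothetical, and the sample key list is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
/* Hypothetical model of one principal's key list, not krb5's database format. */
struct key_entry {
    unsigned kvno;       /* key version number */
    bool not_valid_yet;  /* set at generation, cleared once all replicas hold the key */
};

/* Key to issue with: the highest kvno whose not-valid-yet bit is clear. */
static const struct key_entry *current_key(const struct key_entry *k, size_t n)
{
    const struct key_entry *best = NULL;
    for (size_t i = 0; i < n; i++)
        if (!k[i].not_valid_yet && (best == NULL || k[i].kvno > best->kvno))
            best = &k[i];
    return best;
}

/* Clear the bit after replication completes; false if the kvno is unknown. */
static bool activate_key(struct key_entry *k, size_t n, unsigned kvno)
{
    for (size_t i = 0; i < n; i++)
        if (k[i].kvno == kvno) { k[i].not_valid_yet = false; return true; }
    return false;
}

/* Delete keys older than oldest_to_keep, but never the current key or a
 * pending one. Compacts the array in place and returns the new count. */
static size_t purge_old_keys(struct key_entry *k, size_t n, unsigned oldest_to_keep)
{
    const struct key_entry *cur = current_key(k, n);
    unsigned cur_kvno = cur ? cur->kvno : 0;   /* read before compaction moves entries */
    size_t out = 0;
    for (size_t i = 0; i < n; i++)
        if (k[i].not_valid_yet || k[i].kvno >= oldest_to_keep ||
            (cur != NULL && k[i].kvno == cur_kvno))
            k[out++] = k[i];
    return out;
}

int main(void)
{
    /* Constructed sample: kvno 1 and 2 live, kvno 3 just generated. */
    struct key_entry keys[] = { {1, false}, {2, false}, {3, true} };
    size_t n = purge_old_keys(keys, 3, 2);  /* drops kvno 1 only */
    activate_key(keys, n, 3);               /* replication finished */
    n = purge_old_keys(keys, n, 3);         /* drops kvno 2 */
    return (n == 1 && current_key(keys, n)->kvno == 3) ? 0 : 1;
}
```

While kvno 3 is still pending, `current_key` keeps returning kvno 2, so no server is asked to use a key that has not reached it yet.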