On Wed, Jun 28, 2017 at 12:08:31AM -0500, Nico Williams wrote:
> We do need better key mgmt support though.  It'd nice to have automatic
> rekeying and expunging of keys too old to be needed for decrypting
> extant live tickets.

Viktor points out that we do have server-side (in libkadm5, thus
kadmind) support for optional automatic expunging old keys in
kadm5_setkey_principal_3().  We have it for krb5_admin/krb5_keytab :)

We want to add client-side support as well.

We also need client-side support for automatic keytab entry expunge as


Reply via email to