> On Nov 12, 2017, at 9:08 AM, Henry B (Hank) Hotz, CISSP <hbh...@oxy.edu>
>> This means that you can not inspect the database
>> (short of dumping it with kadmin -l dump) without possibly altering it
>> which might not be expected (though I do see the helpful side of being
>> able to easily prune keys on demand).
The "get" functions DO NOT have side-effects of truncating key history,
that only happens on "set". The "get" functions may return a proper
subset of the stored keys, but the stored entry remains unchanged.