> On Nov 12, 2017, at 9:08 AM, Henry B (Hank) Hotz, CISSP <hbh...@oxy.edu> > wrote: > >> This means that you can not inspect the database >> (short of dumping it with kadmin -l dump) without possibly altering it >> which might not be expected (though I do see the helpful side of being >> able to easily prune keys on demand).
The "get" functions DO NOT have side-effects of truncating key history, that only happens on "set". The "get" functions may return a proper subset of the stored keys, but the stored entry remains unchanged. -- Viktor.