> On Nov 12, 2017, at 9:08 AM, Henry B (Hank) Hotz, CISSP <hbh...@oxy.edu> 
> wrote:
>> This means that you can not inspect the database
>> (short of dumping it with kadmin -l dump) without possibly altering it
>> which might not be expected (though I do see the helpful side of being
>> able to easily prune keys on demand).

The "get" functions DO NOT have side-effects of truncating key history,
that only happens on "set".  The "get" functions may return a proper
subset of the stored keys, but the stored entry remains unchanged.


Reply via email to