Skip to content

Latest commit

 

History

History
73 lines (54 loc) · 2.64 KB

age_keytab.pod

File metadata and controls

73 lines (54 loc) · 2.64 KB

NAME

age_keytab - Remove old Kerberos keys from a keytab

SYNOPSIS

age_keytab [keytab]

DESCRIPTION

age_keytab scans the specified keytab, or the Kerberos default keytab if none is given, to find keys that should be deleted. Specifically, it considers principals for which multiple keys are present and any tickets issued prior to the most recent version are likely to have expired. Under those conditions, age_keytab deletes all keys whose kvno is lower than that found in a newly-issued ticket.

CAVEATS

The determination as to whether tickets issued with an older key are likely to have expired is based on the lifetime of a newly-issued ticket. Thus, this heuristic may produce incorrect results if the principal's maximum lifetime has changed, or if the tickets with which age_keytab is run expire too soon.

SEE ALSO

rekeymgr(1), getnewkeys(8)

AUTHOR

The rekey tools were written by Chaskiel Grundman.

COPYRIGHT

Copyright (c) 2008-2021 Carnegie Mellon University.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer. 

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in
   the documentation and/or other materials provided with the
   distribution.

3. The name "Carnegie Mellon University" must not be used to
   endorse or promote products derived from this software without
   prior written permission. For permission or any other legal
   details, please contact  
     Office of Technology Transfer
     Carnegie Mellon University
     5000 Forbes Avenue
     Pittsburgh, PA  15213-3890
     (412) 268-4387, fax: (412) 268-7395
     tech-transfer@andrew.cmu.edu

4. Redistributions of any form whatsoever must retain the following
   acknowledgment:
   "This product includes software developed by Computing Services
    at Carnegie Mellon University (http://www.cmu.edu/computing/)."

CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.