Path: utzoo!utgpu!watserv1!watmath!att!pacbell.com!mips!apple!agate!shelby!MIT.EDU!jtkohl
From: jtkohl@MIT.EDU (John T Kohl)
Newsgroups: comp.protocols.kerberos
Subject: re: Database Frobbing (was Re: What are a principal's attributes used for?)
Message-ID: <9012191338.AA19443@lycus.MIT.EDU>
Date: 19 Dec 90 13:38:20 GMT
References: <9012190500.AA01010@paddington.MIT.EDU>
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 10

Martin asks "is there a particular reason why kdb_edit, or some such
program, doesn't support a delete operation".

Besides the reasons Jon Rochlis gave, there's also a security-related
one. If you delete names and they get re-used, there's a chance that
the new owner of the name may get unintended access to services which
have the name on an Access Control List, but didn't remove it when the
old principal was destroyed.

John
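
The name-reuse hazard described in the post above can be checked for before a principal name is ever freed. The following is an added example, not part of the original post and not Kerberos code: it audits service ACLs against an exported principal list. The one-name-per-line ACL layout, the "retired" state, and all names and realms are assumptions constructed for illustration.

```python
# Added example: audit service ACLs for names that no longer map to a live principal.
# The ACL layout, the 'retired' state and all sample data are assumptions.

def parse_acl(text):
    """Return principal names from an ACL: one per line, '#' comments and blanks skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            entries.append(line)
    return entries

def audit_acls(principals, acls):
    """principals: dict name -> 'active' | 'retired' (assumed export of the database).
    acls: dict service -> ACL text.
    Returns sorted (service, name, reason) findings for ACL entries that would
    grant access to whoever is next given that name."""
    findings = []
    for service, text in acls.items():
        for name in parse_acl(text):
            state = principals.get(name)
            if state is None:
                findings.append((service, name, "deleted: name is free for reuse"))
            elif state == "retired":
                findings.append((service, name, "retired: remove from ACL"))
    return sorted(findings)

def safe_to_delete(name, acls):
    """A name may be deleted (and later reissued) only once no ACL still lists it."""
    return not any(name in parse_acl(text) for text in acls.values())

# Constructed sample data.
PRINCIPALS = {
    "alice@EXAMPLE.ORG": "active",
    "bob@EXAMPLE.ORG": "retired",   # kept in the database but disabled
    # carol@EXAMPLE.ORG was deleted outright and is absent
}
ACLS = {
    "printserver": "alice@EXAMPLE.ORG\ncarol@EXAMPLE.ORG  # left the group\n",
    "fileserver": "# admins\nbob@EXAMPLE.ORG\nalice@EXAMPLE.ORG\n",
}

if __name__ == "__main__":
    for service, name, reason in audit_acls(PRINCIPALS, ACLS):
        print(f"{service}: {name}: {reason}")
    print("safe to delete bob:", safe_to_delete("bob@EXAMPLE.ORG", ACLS))
```

The audit only covers ACLs it is given; a service that keeps its ACL somewhere unlisted is still exposed if the name is reissued.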