Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!usc!apple!agate!shelby!MIT.EDU!jon
From: jon@MIT.EDU (Jon A. Rochlis)
Newsgroups: comp.protocols.kerberos
Subject: Re: Database Frobbing (was Re: What are a principal's attributes used for?)
Message-ID: <9012190500.AA01010@paddington.MIT.EDU>
Date: 19 Dec 90 05:00:34 GMT
References: <1990Dec17.143220.21705@news.iastate.edu>
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 20

> Deleting principals is a particular nuisance. Jon, is there a
> particular reason why kdb_edit, or some such program, doesn't support
> a delete operation? The underlying database systems (dbm, ndbm) are
> certainly capable of it.

Simple conservatism. If it's difficult to delete principals then it's
not likely to happen unless you really want it to.

> Am I breaking a design constraint if I add such a function?

Not as long as you're willing to come in at 3:00am and pick up the pieces
when a bug in Moira deletes half of your Kerberos database. We'd
rather delete people from Moira, remove their mailing list pointer,
etc., (all of which can be undone easily) and then at our leisure delete
principals from the Kerberos database by doing a dump/awk/join cycle.

It's up to you to weigh the tradeoffs for yourself. Our call won't
make everyone happy.

-- Jon
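
The offline dump-and-filter step mentioned in the post, sketched as an added example; it is not code from the post or from MIT's tools. Assumptions: the dump is text with one principal per line whose first two whitespace-separated fields are name and instance, and the hypothetical `filter_dump` helper, its percentage cap and its absent-principal check are additions made here to guard against the runaway-deletion case the post describes.

```shell
#!/bin/sh
# Added example. Assumed, not from the post: the dump is text with one
# principal per line, fields 1 and 2 are name and instance, and the
# remaining fields are opaque; the deletion list holds "name instance" lines.

# filter_dump DUMP DELETE_LIST MAX_PCT
# Prints the dump minus the listed principals. Prints nothing and returns 1
# if a listed principal is absent from the dump, or if more than MAX_PCT
# percent of the principals would be removed (the runaway-deletion case).
filter_dump() {
    awk -v dels="$2" -v max_pct="$3" '
        BEGIN {   # read the deletion list up front; an empty list is fine
            while ((getline line < dels) > 0)
                if (split(line, f, " ") >= 2) want[f[1] SUBSEP f[2]] = 1
        }
        {
            total++
            key = $1 SUBSEP $2
            if (key in want) { hit[key] = 1; removed++ }
            else keep[++n] = $0          # buffer: emit only if all checks pass
        }
        END {
            for (k in want) if (!(k in hit)) {
                split(k, p, SUBSEP)
                printf("not in dump: %s %s\n", p[1], p[2]) > "/dev/stderr"
                bad = 1
            }
            if (removed * 100 > total * max_pct) {
                printf("refusing: %d of %d would go\n", removed, total) > "/dev/stderr"
                bad = 1
            }
            if (bad) exit 1
            for (i = 1; i <= n; i++) print keep[i]
        }
    ' "$1"
}

# Constructed sample data (f3/f4 stand in for the real remaining fields).
work=$(mktemp -d)
printf '%s\n' 'alice x f3 f4' 'bob x f3 f4' 'carol admin f3 f4' 'dave x f3 f4' > "$work/dump"
printf '%s\n' 'bob x' > "$work/delete"
filter_dump "$work/dump" "$work/delete" 25 > "$work/dump.new" &&
    diff "$work/dump" "$work/dump.new" || true   # review the change before any reload
```

The original dump is never modified, so the filtered copy can be reviewed and the old one kept for rollback.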