pull up r22208 from trunk

 ------------------------------------------------------------------------
 r22208 | wfiveash | 2009-04-13 18:15:05 -0400 (Mon, 13 Apr 2009) | 11 lines
 Changed paths:
    M /trunk/src/kadmin/dbutil/kdb5_util.M

 Ticket: 6459
 Subject: Update kdb5_util man page with missing purge_mkeys command
 Version_Reported: 1.7
 Target_Version: 1.7
 Tags: pullup

 While previously updating the kdb5_util command man page to include
 documentation on new subcommands added as a result of the Master Key
 Migration project I missed the purge_mkeys command.  I've added that
 with this commit.

ticket: 6459
version_fixed: 1.7

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22260 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 12 insertions, 0 deletions

diff --git a/src/kadmin/dbutil/kdb5_util.M b/src/kadmin/dbutil/kdb5_util.M
index 1883ce2..f566781 100644
--- a/src/kadmin/dbutil/kdb5_util.M
+++ b/src/kadmin/dbutil/kdb5_util.M
@@ -236,6 +236,18 @@ argument is that specified in the Time Formats section of the kadmin man page.
 \fBlist_mkeys\fP
 List all master keys from most recent to earliest in K/M principal. The output will show the KVNO, enctype and salt for each mkey similar to kadmin getprinc output.  A * following an mkey denotes the currently active master key. 
 .TP
+\fBpurge_mkeys\fP [\fB-f\fP] [\fB-n\fP] [\fB-v\fP]
+Delete master keys from the K/M principal that are not used to protect any principals.  This command can be used to remove old master keys from a K/M principal once all principal keys are protected by a newer master key.
+.TP
+.B \-f
+does not prompt user.
+.TP
+.B \-n
+do a dry run, shows master keys that would be purged, does not actually purge any keys.
+.TP
+.B \-v
+verbose output.
+.TP
 \fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP] [\fBprinc\-pattern\fP]
 Update all principal records (or only those matching the
 .B princ\-pattern