From: Razvan Becheriu <razvan@isc.org>
Date: Wed, 10 Nov 2021 09:24:47 +0000 (+0200)
Subject: [#2173] updated documentation
X-Git-Tag: eng-drop-2021-11-10~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cda56afa249f2abb9fdd8639b132d8a8079c5ee3;p=thirdparty%2Fkea.git

[#2173] updated documentation
---

diff --git a/doc/sphinx/arm/ext-gss-tsig.rst b/doc/sphinx/arm/ext-gss-tsig.rst
index a390ae70fc..0d3bbde561 100644
--- a/doc/sphinx/arm/ext-gss-tsig.rst
+++ b/doc/sphinx/arm/ext-gss-tsig.rst
@@ -451,8 +451,8 @@ After a shared secret key is generated and put in a key table file:
 The ``dhcp.keytab`` takes the same usage as for Unix Kerberos.
 
 
-GSS troubleshooting
-~~~~~~~~~~~~~~~~~~~
+GSS-TSIG Troubleshooting
+~~~~~~~~~~~~~~~~~~~~~~~~
 
 While testing GSS-TSIG integration with Active Directory we came across
 one very cryptic error:
@@ -817,6 +817,14 @@ The server map parameters are described below:
 
 - ``comment`` is allowed but currently ignored.
 
+
+GSS-TSIG Automatic Key Removal
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The server will periodically delete keys which expired more than 3 times the
+maximum key lifetime.
+
+
 GSS-TSIG Configuration for Deployment
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~