Otherwise there's no point in keeping around old service tickets.
To prevent really old tickets from working, we need to rotate
keys. We want slightly old ones to still work, though; that's
why we keep 3 keys.
return false;
}
- ExpiringCryptoKey& key = iter->second;
- if (key.expiration > g_clock.now()) {
- secret = key.key;
- return true;
- }
- dout(0) << "secret " << key << " expired!" << dendl;
- return false;
+ secret = iter->second.key;
+ return true;
}
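Review bot: The new `secret = iter->second.key;` path accepts any key still present in the map, and nothing in the code says that skipping the expiration check is deliberate. How long an old service ticket keeps validating now depends entirely on rotation removing old entries, which is not visible in this hunk. I would put the rationale next to the assignment, e.g. `// expiration intentionally not checked: slightly old tickets must keep validating until rotation drops the key`. Dropping the `expired!` message also removes the only signal that a past-expiration key was used; a debug-level line such as `if (iter->second.expiration <= g_clock.now()) dout(10) << "secret past expiration " << iter->second.expiration << ", still accepted" << dendl;` would keep that visible without streaming the key object, which may include key material depending on how its `operator<<` is defined. The enclosing function starts above the hunk.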