Now I'm little bit wondering how to rollover the krbtgt principal, I've
found `cpw --keepold` functionality which nicely adds a new keys
(kvno+1) for existing principal with requested keytypes ([kadmin]
default_keys), but i cannot find a way how to selectively delete the old
key by kvno...