Removing a Service Principal From a Keytab File - Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Managing Kerberos and Other Authentication Services in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Managing Kerberos and Other Authentication ... » Administering Kerberos Principals and Policies » Administering Keytab Files » Removing a Service Principal From a Keytab File

Updated: August 2014

Managing Kerberos and Other Authentication Services in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Using Pluggable Authentication Modules

Chapter 2 About the Kerberos Service

Chapter 3 Planning for the Kerberos Service

Chapter 4 Configuring the Kerberos Service

Chapter 5 Administering Kerberos Principals and Policies

Ways to Administer Kerberos Principals and Policies

Automating the Creation of New Kerberos Principals

Administering Kerberos Principals

Viewing Kerberos Principals and Their Attributes

Creating a New Kerberos Principal

Modifying a Kerberos Principal

Deleting a Kerberos Principal

Duplicating a Kerberos Principal by Using the gkadmin GUI

Modifying Principals' Kerberos Administration Privileges

Administering Kerberos Policies

Administering Keytab Files

Adding a Kerberos Service Principal to a Keytab File

Removing a Service Principal From a Keytab File

Displaying the Principals in a Keytab File

Temporarily Disabling a Kerberos Service on a Host

How to Temporarily Disable Authentication for a Kerberos Service on a Host

Chapter 6 Using Kerberos Applications

Chapter 7 Kerberos Service Reference

Chapter 8 Kerberos Error Messages and Troubleshooting

Chapter 9 Using Simple Authentication and Security Layer

Chapter 10 Configuring Network Services Authentication

Appendix A DTrace Probes for Kerberos

Security Glossary

Language:

Removing a Service Principal From a Keytab File

You can remove a principal from a keytab file. On the host that needs a principal removed from its keytab file, you first view the list of principals. See Displaying the Principals in a Keytab File.

Then, you run the ktadd command in a kadmin process. For more information, see the kadmin(1M) man page.

# /usr/sbin/kadmin
kadmin: ktremove [-k keytab] [-q] principal [kvno | all | old ]

–k keytab: Specifies the keytab file. By default, /etc/krb5/krb5.keytab is used.
–q: Displays less verbose information.
principal: Specifies the principal to be removed from the keytab file.
kvno: Removes all entries for the specified principal whose key version number matches kvno.
all: Removes all entries for the specified principal.
old: Removes all entries for the specified principal except those principals with the highest key version number.

Example 5-16 Removing a Service Principal From a Keytab File

In this example, denver's host principal is removed from denver's keytab file.

denver # /usr/sbin/kadmin
kadmin: ktremove host/denver.example.com@EXAMPLE.COM
kadmin: Entry for principal host/denver.example.com@EXAMPLE.COM with kvno 3
removed from keytab WRFILE:/etc/krb5/krb5.keytab.
kadmin: quit

Copyright © 2002, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices