System Administration Guide: Security Services

Procedure: How to Remove a Service Principal From a Keytab File

  1. Become superuser on the host with a service principal that must be removed from its keytab file.

  2. Start the kadmin command.


    # /usr/sbin/kadmin
    
  3. (Optional) To display the current list of principals (keys) in the keytab file, use the ktutil command.

    See How to Display the Keylist (Principals) in a Keytab File for detailed instructions.

  4. Remove a principal from the keytab file by using the ktremove command.


    kadmin: ktremove [-k keytab] [-q] principal [kvno | all | old]

    -k keytab

    Specifies the keytab file. By default, /etc/krb5/krb5.keytab is used.

    -q

    Displays less verbose information.

    principal

    Specifies the principal to be removed from the keytab file.

    kvno

    Removes all entries for the specified principal whose key version number matches kvno.

    all

    Removes all entries for the specified principal.

    old

    Removes all entries for the specified principal, except those entries with the highest key version number.

  5. Quit the kadmin command.


    kadmin: quit
    

Example 25–17 Removing a Service Principal From a Keytab File

In the following example, denver's host principal is removed from denver's keytab file.


denver # /usr/sbin/kadmin
kadmin: ktremove host/denver.example.com@EXAMPLE.COM
kadmin: Entry for principal host/denver.example.com@EXAMPLE.COM with kvno 3
  removed from keytab WRFILE:/etc/krb5/krb5.keytab.
kadmin: quit
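
To preview what the kvno, all and old selectors from step 4 would delete before running ktremove, the following added example (not part of the original guide) applies those rules to a keytab listing. It assumes the listing is in the layout printed by `klist -k`; the sample listing and the function names are constructed for illustration, and running ktremove with no selector is not modeled.

```python
"""Preview which keytab entries a ktremove selector would delete."""

# Constructed sample in the layout printed by `klist -k` (assumed input format).
# A principal has one line per key, so a kvno can repeat (one per enctype).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- ------------------------------------------
   2 host/denver.example.com@EXAMPLE.COM
   3 host/denver.example.com@EXAMPLE.COM
   3 host/denver.example.com@EXAMPLE.COM
   1 nfs/denver.example.com@EXAMPLE.COM
"""

def parse_klist(text):
    """Return [(kvno, principal), ...]; header and rule lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].isdigit():
            entries.append((int(fields[0]), fields[1]))
    return entries

def preview_ktremove(entries, principal, selector):
    """Split entries into (removed, kept) for `ktremove principal selector`."""
    versions = [kvno for kvno, name in entries if name == principal]
    if not versions:
        raise ValueError(f"no keytab entries for {principal}")
    newest = max(versions)
    if selector == "all":
        doomed = lambda kvno: True
    elif selector == "old":
        doomed = lambda kvno: kvno < newest    # keep only the highest kvno
    else:
        target = int(selector)                  # a specific key version number
        doomed = lambda kvno: kvno == target
    removed, kept = [], []
    for kvno, name in entries:
        hit = name == principal and doomed(kvno)
        (removed if hit else kept).append((kvno, name))
    return removed, kept

if __name__ == "__main__":
    listing = parse_klist(SAMPLE_KLIST)
    for sel in ("2", "old", "all"):
        gone, _ = preview_ktremove(listing, "host/denver.example.com@EXAMPLE.COM", sel)
        print(f"{sel:>3}: would remove kvno {[k for k, _ in gone]}")
```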