System Administration Guide, Volume 2

How to Destroy Tickets

Tickets are generally destroyed automatically when the commands that created them exit; however, you might want to explicitly destroy your Kerberos tickets when you are through with them, just to be sure. Tickets can be stolen, and if this happens, the person who has them can use them until they expire (although stolen tickets must be decrypted).

To destroy your tickets, use the kdestroy command.


% /usr/bin/kdestroy

kdestroy destroys all your tickets. You cannot use it to selectively destroy a particular ticket.

If you are going to be away from your system and are concerned about an intruder using your permissions, you should use either kdestroy or a screensaver that locks the screen.


Note -

One way to help ensure that tickets are always destroyed is to add the kdestroy command to the .logout file in your home directory.

In cases where the PAM module has been configured, tickets are destroyed automatically upon logout, so adding a call to kdestroy to your .logout file is not necessary. However, if the PAM module has not been configured, or if you don't know whether it has, you might want to add kdestroy to your .logout file to be sure that tickets are destroyed when you exit your system.
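
The following .logout fragment is an added example, not part of the original guide. It destroys the tickets and then checks that none remain. It assumes a csh or tcsh login shell, that klist is installed beside kdestroy in /usr/bin, and that the installed kdestroy and klist accept the -q and -s options.

```csh
# ~/.logout fragment (added example): destroy Kerberos tickets at logout.
# csh and tcsh read ~/.logout only when a login shell exits, so tickets
# obtained in other sessions that stay open are not covered by this file.

# Assumption: both commands are in /usr/bin, like the kdestroy shown above.
set krb_bin = /usr/bin

if ( -x $krb_bin/kdestroy ) then
    # -q: run quietly instead of beeping if there is nothing to destroy.
    $krb_bin/kdestroy -q

    if ( -x $krb_bin/klist ) then
        # -s: print nothing; exit status 0 means valid tickets are still cached.
        $krb_bin/klist -s
        if ( $status == 0 ) then
            echo "logout: Kerberos tickets still present; run kdestroy by hand"
        endif
    endif
endif

unset krb_bin
```

If PAM already destroys tickets at logout, the fragment finds nothing to destroy and exits silently.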