Sun Enterprise Authentication Mechanism Guide

How to Remove a Service Principal From a Keytab

  1. Become superuser on the host whose keytab contains the service principal to be removed.

  2. Start the kadmin command.


    # /usr/krb5/bin/kadmin
    
  3. Optional. To display the current list of principals (keys) in the keytab, use the ktutil command.

    See "How to Display the Keylist (Principals) in a Keytab" for detailed instructions.

  4. Remove a principal from a keytab by using the ktremove command.


    kadmin: ktremove [-k keytab] [-q] principal [kvno | all | old]

    -k keytab
        Specifies the keytab file. By default, /etc/krb5/krb5.keytab is used.

    -q
        Displays less verbose information.

    principal
        Principal to be removed from the keytab.

    kvno
        Removes all entries for the specified principal whose kvno (key version number) matches kvno.

    all
        Removes all entries for the specified principal.

    old
        Removes all entries for the specified principal except those with the highest kvno.

  5. Quit the kadmin command.


    kadmin: quit
    

Example--Removing a Service Principal From a Keytab

The following example removes denver's host principal from denver's keytab file.


    denver # /usr/krb5/bin/kadmin
    kadmin: ktremove host/denver.acme.com@ACME.COM
    kadmin: Entry for principal host/denver.acme.com@ACME.COM with kvno 3 
      removed from keytab WRFILE:/etc/krb5/krb5.keytab.
    kadmin: quit
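
The following is an added illustration, not code from the guide or from SEAM: a small model of which keytab entries the kvno, all, and old selectors from step 4 pick for removal, useful for checking what should be left when you redisplay the keylist afterward. The Entry type, the function names, the nfs principal, and the enctype labels are assumptions made up for the example; it also assumes a keytab can hold several entries with the same kvno, one per encryption type.

```python
from collections import namedtuple

# One keytab entry. The enctype labels used below are constructed sample data.
Entry = namedtuple("Entry", "principal kvno enctype")

HOST = "host/denver.acme.com@ACME.COM"
NFS = "nfs/denver.acme.com@ACME.COM"   # hypothetical second service principal

# Constructed sample keytab: the host principal has one stale key (kvno 2)
# and two current keys (kvno 3, different enctypes).
KEYTAB = [
    Entry(HOST, 2, "etype-a"),
    Entry(HOST, 3, "etype-a"),
    Entry(HOST, 3, "etype-b"),
    Entry(NFS, 1, "etype-a"),
]


def select_for_removal(entries, principal, selector):
    """Return the entries that 'ktremove principal selector' would target.

    selector is "all", "old", or a key version number such as "3".
    """
    mine = [e for e in entries if e.principal == principal]
    if not mine:
        return []                      # principal not present in this keytab
    if selector == "all":
        return mine
    if selector == "old":
        newest = max(e.kvno for e in mine)
        # Every entry at the highest kvno survives, not just one of them.
        return [e for e in mine if e.kvno != newest]
    wanted = int(selector)             # ValueError on anything else
    return [e for e in mine if e.kvno == wanted]


def apply_removal(entries, principal, selector):
    """Return the keytab contents expected after the removal."""
    doomed = select_for_removal(entries, principal, selector)
    return [e for e in entries if e not in doomed]


if __name__ == "__main__":
    for sel in ("old", "3", "all"):
        left = apply_removal(KEYTAB, HOST, sel)
        print(sel, "->", [(e.principal, e.kvno, e.enctype) for e in left])
```

Entries for other principals are never touched by any selector, and old leaves both kvno 3 entries in place.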