Become superuser on the host with a service principal that must be removed from its keytab file.
Start the kadmin command.
# /usr/sbin/kadmin
(Optional) To display the current list of principals (keys) in the keytab file, use the ktutil command.
See How to Display the Keylist (Principals) in a Keytab File for detailed instructions.
Remove a principal from the keytab file by using the ktremove command.
kadmin: ktremove [-k keytab] [-q] principal [kvno | all | old]

-k keytab
    Specifies the keytab file. By default, /etc/krb5/krb5.keytab is used.
-q
    Displays less verbose information.
principal
    Specifies the principal to be removed from the keytab file.
kvno
    Removes all entries for the specified principal whose key version number matches kvno.
all
    Removes all entries for the specified principal.
old
    Removes all entries for the specified principal, except those entries with the highest key version number.
Quit the kadmin command.
kadmin: quit
In the following example, denver's host principal is removed from denver's keytab file.
denver # /usr/sbin/kadmin
kadmin: ktremove host/denver.example.com@EXAMPLE.COM
kadmin: Entry for principal host/denver.example.com@EXAMPLE.COM with kvno 3 removed from keytab WRFILE:/etc/krb5/krb5.keytab.
kadmin: quit
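
The kvno, all and old selectors differ in which keytab entries they remove, which matters when a principal has several entries per key version (one per encryption type). The following is an added example, not part of the original procedure: a hypothetical shell helper, preview_ktremove, that reads a keylist and reports the slots each selector would match without touching any keytab. The sample keylist is constructed and assumed to follow the layout of ktutil's list output.

```shell
#!/bin/sh
# Constructed sample keylist (not from a real host). The column layout is an
# assumption modelled on the "list" output of ktutil.
sample_keylist() {
cat <<'EOF'
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2 host/denver.example.com@EXAMPLE.COM
   2    2 host/denver.example.com@EXAMPLE.COM
   3    3 host/denver.example.com@EXAMPLE.COM
   4    3 host/denver.example.com@EXAMPLE.COM
   5    1 nfs/denver.example.com@EXAMPLE.COM
EOF
}

# preview_ktremove PRINCIPAL SELECTOR   (hypothetical helper)
# Reads a keylist on stdin and prints, space-separated, the slots that
# "ktremove PRINCIPAL SELECTOR" would select. SELECTOR is a kvno, "all" or "old".
preview_ktremove() {
    case "$2" in
        all|old) ;;
        ''|*[!0-9]*) echo "selector must be a kvno, all, or old" >&2; return 2 ;;
    esac
    awk -v princ="$1" -v sel="$2" '
        # Data rows only: numeric slot, numeric kvno, exact principal match.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 == princ {
            n++; slot[n] = $1; kvno[n] = $2 + 0
            if (kvno[n] > max) max = kvno[n]   # highest kvno for this principal
        }
        END {
            out = ""
            for (i = 1; i <= n; i++) {
                if (sel == "all")      hit = 1
                else if (sel == "old") hit = (kvno[i] < max)  # keep every entry at max
                else                   hit = (kvno[i] == sel + 0)
                if (hit) out = (out == "" ? slot[i] : out " " slot[i])
            }
            print out
        }'
}

# Demo: slots that "old" would select for the host principal.
sample_keylist | preview_ktremove host/denver.example.com@EXAMPLE.COM old
```

With old, both entries at the highest kvno are kept, and a principal with a single key version loses nothing.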