How to Destroy Tickets
Usually, tickets are destroyed automatically when the commands that created them exit. However, you might want to explicitly destroy your Kerberos tickets when you are finished with them, just to be sure. Tickets can be stolen. If tickets are stolen, the person who has stolen them can use them until they expire (although stolen tickets must be decrypted).
To destroy your tickets, use the kdestroy command.
% /usr/bin/kdestroy |
kdestroy destroys all your tickets. You cannot use this command to selectively destroy a particular ticket.
If you are going to be away from your system and are concerned about an intruder using your permissions, you should use either kdestroy or a screen saver that locks the screen.
Note –
One way to help ensure that your tickets are always destroyed is to add the kdestroy command to the .logout file in your home directory.
In instances where the PAM module has been configured (which is the default and usual case), tickets are destroyed automatically upon logout. So, adding a call to kdestroy to your .login file is not necessary. However, if the PAM module has not been configured, or if you don't know whether it has been, you might want to add kdestroy to your .login file to ensure that your tickets are destroyed when you exit your system.
- © 2010, Oracle Corporation and/or its affiliates