You can remove a principal from a keytab file. On the host that needs a principal removed from its keytab file, you first view the list of principals. See Displaying the Principals in a Keytab File.
Then, you run the ktadd command in a kadmin process. For more information, see the kadmin(1M) man page.
# /usr/sbin/kadmin kadmin: ktremove [-k keytab] [-q] principal [kvno | all | old ]
Specifies the keytab file. By default, /etc/krb5/krb5.keytab is used.
Displays less verbose information.
Specifies the principal to be removed from the keytab file.
Removes all entries for the specified principal whose key version number matches kvno.
Removes all entries for the specified principal.
Removes all entries for the specified principal except those principals with the highest key version number.
In this example, denver's host principal is removed from denver's keytab file.
denver # /usr/sbin/kadmin kadmin: ktremove host/denver.example.com@EXAMPLE.COM kadmin: Entry for principal host/denver.example.com@EXAMPLE.COM with kvno 3 removed from keytab WRFILE:/etc/krb5/krb5.keytab. kadmin: quit