Use the following procedure to delete a single key or all keys for a principal.
hostname:configuration services kerberos> list
REALM KDC
TEST.NET
hostname:configuration services kerberos> select TEST.NET
hostname:configuration services kerberos TEST.NET>
hostname:configuration services kerberos TEST.NET> show
Properties:
                kdcs = kdc1.us.oracle.com
Keytab entries:
NAME            KEYS  PRINCIPAL
principal-000   4     host/hostname.us.oracle.com@TEST.NET
principal-001   4     nfs/hostname.us.oracle.com@TEST.NET
To delete a single key, see the next step.
hostname:configuration services kerberos TEST.NET> destroy principal-000
This will delete all keys for "principal-000". Are you sure? (Y/N) Y
hostname:configuration services kerberos TEST.NET> select principal-001
hostname:configuration services kerberos principal-001> show
Properties:
                 name = nfs/hostname.us.oracle.com@TEST.NET
Keys:
KEY       KVNO   ENCTYPENO   ENCTYPE
key-000   28     18          AES-256 CTS mode with 96-bit SHA-1 HMAC
key-001   28     17          AES-128 CTS mode with 96-bit SHA-1 HMAC
key-002   28     16          Triple DES cbc mode with HMAC/sha1
key-003   28     23          ArcFour with HMAC/md5
key-004   28     24          Exportable ArcFour with HMAC/md5
key-005   28     3           DES cbc mode with RSA-MD5
key-006   28     1           DES cbc mode with CRC-32
Column heading legend:
KEY = key name
KVNO = key version number
ENCTYPENO = encryption type number
ENCTYPE = encryption type
hostname:configuration services kerberos principal-001> select key-003
hostname:configuration services kerberos principal-001 key-003> show
Properties:
               principal = nfs/hostname.us.oracle.com@TEST.NET
                    kvno = 28
                 enctype = ArcFour with HMAC/md5
               enctypeno = 23
hostname:configuration services kerberos principal-001 key-003> done
hostname:configuration services kerberos principal-001>
hostname:configuration services kerberos principal-001> destroy key-003
This will delete key "key-003". Are you sure? (Y/N) Y
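
The following Python sketch is an added example, not part of the original procedure or of the appliance software. It parses the key table printed by show for a principal (the principal-001 output above, embedded as constructed input) and lists the keys whose encryption type number is deprecated for Kerberos by RFC 6649 or RFC 8429, the usual candidates for single-key deletion. The function names parse_keys and review are hypothetical.

```python
import re

# Enctype numbers deprecated for Kerberos (general fact, not from this page):
# DES and RC4-export by RFC 6649, 3DES and RC4-HMAC by RFC 8429.
DEPRECATED = {1: "RFC 6649", 3: "RFC 6649", 24: "RFC 6649",
              16: "RFC 8429", 23: "RFC 8429"}

# Constructed sample: the principal-001 "show" output from the procedure.
SAMPLE_SHOW = """\
Properties:
                 name = nfs/hostname.us.oracle.com@TEST.NET
Keys:
KEY       KVNO   ENCTYPENO   ENCTYPE
key-000   28     18          AES-256 CTS mode with 96-bit SHA-1 HMAC
key-001   28     17          AES-128 CTS mode with 96-bit SHA-1 HMAC
key-002   28     16          Triple DES cbc mode with HMAC/sha1
key-003   28     23          ArcFour with HMAC/md5
key-004   28     24          Exportable ArcFour with HMAC/md5
key-005   28     3           DES cbc mode with RSA-MD5
key-006   28     1           DES cbc mode with CRC-32
"""

ROW = re.compile(r"^(key-\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

def parse_keys(show_output):
    """Return one dict per row of the Keys table; other lines are skipped."""
    keys = []
    for line in show_output.splitlines():
        m = ROW.match(line.strip())
        if m:
            keys.append({"key": m.group(1), "kvno": int(m.group(2)),
                         "enctypeno": int(m.group(3)), "enctype": m.group(4)})
    return keys

def review(show_output):
    """Return the keys with a deprecated enctype, tagged with the RFC."""
    keys = parse_keys(show_output)
    weak = [dict(k, rfc=DEPRECATED[k["enctypeno"]])
            for k in keys if k["enctypeno"] in DEPRECATED]
    # Deleting every key would leave the principal unable to authenticate.
    if keys and len(weak) == len(keys):
        raise ValueError("all keys are deprecated; rekey before deleting")
    return weak

if __name__ == "__main__":
    for k in review(SAMPLE_SHOW):
        print(f'{k["key"]}: enctype {k["enctypeno"]} ({k["enctype"]}), {k["rfc"]}')
```

Each key reported can then be removed with destroy as in the last step above; run show again before each deletion to confirm the key name still refers to the intended enctype.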