Oracle ZFS Storage Appliance Administration Guide, Release OS8.8.x Appliance Services Configuring Services Kerberos Configuration Deleting Kerberos Principals and Keys (CLI) Deleting Kerberos Principals and Keys (CLI) Use the following procedure to delete individual keys, or to delete all keys for a principal. Go to configuration services kerberos and enter list. hostname:configuration services kerberos> list REALM KDC TEST.NET Select the realm. hostname:configuration services kerberos> select TEST.NET hostname:configuration services kerberos TEST.NET> Enter show to view the principals for the KDC. hostname:configuration services kerberos TEST.NET> show Properties: kdcs = kdc1.us.oracle.com Keytab entries: NAME KEYS PRINCIPAL principal-000 4 host/hostname.us.oracle.com@TEST.NET principal-001 4 nfs/hostname.us.oracle.com@TEST.NET To delete all of the keys for a principal, enter destroy and the principal name, and confirm your action. To delete an individual key, see the next step.hostname:configuration services kerberos TEST.NET> destroy principal-000 This will delete all keys for "principal-000". Are you sure? (Y/N) Y To delete an individual key for a principal, first select a principal and enter show to view the list of keys. hostname:configuration services kerberos TEST.NET> select principal-001 hostname:configuration services kerberos principal-001> show Properties: name = nfs/hostname.us.oracle.com@TEST.NET Keys: KEY KVNO ENCTYPENO ENCTYPE key-000 28 18 AES-256 CTS mode with 96-bit SHA-1 HMAC key-001 28 17 AES-128 CTS mode with 96-bit SHA-1 HMAC key-002 28 16 Triple DES cbc mode with HMAC/sha1 key-003 28 23 ArcFour with HMAC/md5 key-004 28 24 Exportable ArcFour with HMAC/md5 key-005 28 3 DES cbc mode with RSA-MD5 key-006 28 1 DES cbc mode with CRC-32Legend for column headings: KEY = Key name KVNO = Key version number ENCTYPENO = Encryption type number ENCTYPE = Encryption type To view the properties of a key, select a key and enter show. hostname:configuration services kerberos principal-001> select key-003 hostname:configuration services kerberos principal-001 key-003> show Properties: principal = nfs/hostname.us.oracle.com@TEST.NET kvno = 28 enctype = ArcFour with HMAC/md5 enctypeno = 23 To delete a key or view a different key, enter done to return to the principal context. hostname:configuration services kerberos principal-001 key-003> done hostname:configuration services kerberos principal-001> To delete the key, enter destroy and the key name, and confirm your action. hostname:configuration services kerberos principal-001> destroy key-003 This will delete key "key-003". Are you sure? (Y/N) Y