Node:Removing Principals from Keytabs, Previous:Adding Principals to Keytabs, Up:Keytabs



Removing Principals from Keytabs

To remove a principal from an existing keytab, use the kadmin ktremove command. The syntax is:

     ktremove [-k[eytab] keytab] [-q] principal [kvno | all | old]
     

The ktremove command takes the following switches:

-k[eytab] keytab
use keytab as the keytab file. Otherwise, ktremove will use the default keytab file (/etc/krb5.keytab).
-q
run in quiet mode. This causes ktremove to display less verbose information.
principal
the principal to remove from the keytab. (Required.)
kvno
remove all entries for the specified principal whose Key Version Numbers match kvno.
all
remove all entries for the specified principal
old
remove all entries for the specified principal except those with the highest kvno.

For example:

     kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
     kadmin: Entry for principal kadmin/admin with kvno 3 removed
          from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
     kadmin: