[Freeipa-devel] [PATCH] 305 remove a principal from a keytab
Rob Crittenden
rcritten at redhat.com
Fri Dec 4 21:29:40 UTC 2009
Jason Gerard DeRose wrote:
> On Fri, 2009-10-30 at 16:30 -0400, Rob Crittenden wrote:
>> I wasn't able to find a command-line program to remove principals from a
>> keytab so I wrote my own. ktutil can do it but it doesn't take
>> command-line arguments. Java ships a utility named ktab but adding a
>> huge dependency for one app seem a bit much :-)
>>
>> In any case, this program has 2 modes:
>>
>> 1. Given a keytab and a principal, remove all entries of that principal
>> from the keytab. This removes all versions and encryption types.
>>
>> 2. Given a realm remove all principals in that realm. I cheat a little
>> and insert an @ before the principal name because all this really does
>> is a strstr() to see if the principal in the keytab is in the realm
>> provided.
>>
>> This utility will be added to the ipa-client-uninstall script at some
>> point to clean up /etc/krb5.keytab.
>>
>> rob
>
> ack. Rob walked me through its use on #freeipa, and it works as
> advertised.
>
pushed to master
More information about the Freeipa-devel
mailing list