[Freeipa-devel] [PATCH] 305 remove a principal from a keytab
Jason Gerard DeRose
jderose at redhat.com
Tue Nov 3 18:32:37 UTC 2009
On Fri, 2009-10-30 at 16:30 -0400, Rob Crittenden wrote:
> I wasn't able to find a command-line program to remove principals from a
> keytab so I wrote my own. ktutil can do it but it doesn't take
> command-line arguments. Java ships a utility named ktab but adding a
> huge dependency for one app seem a bit much :-)
>
> In any case, this program has 2 modes:
>
> 1. Given a keytab and a principal, remove all entries of that principal
> from the keytab. This removes all versions and encryption types.
>
> 2. Given a realm remove all principals in that realm. I cheat a little
> and insert an @ before the principal name because all this really does
> is a strstr() to see if the principal in the keytab is in the realm
> provided.
>
> This utility will be added to the ipa-client-uninstall script at some
> point to clean up /etc/krb5.keytab.
>
> rob
ack. Rob walked me through its use on #freeipa, and it works as
advertised.
More information about the Freeipa-devel
mailing list