[Freeipa-devel] [PATCH] 305 remove a principal from a keytab
Rob Crittenden
rcritten at redhat.com
Fri Oct 30 20:30:09 UTC 2009
I wasn't able to find a command-line program to remove principals from a
keytab so I wrote my own. ktutil can do it but it doesn't take
command-line arguments. Java ships a utility named ktab but adding a
huge dependency for one app seem a bit much :-)
In any case, this program has 2 modes:
1. Given a keytab and a principal, remove all entries of that principal
from the keytab. This removes all versions and encryption types.
2. Given a realm remove all principals in that realm. I cheat a little
and insert an @ before the principal name because all this really does
is a strstr() to see if the principal in the keytab is in the realm
provided.
This utility will be added to the ipa-client-uninstall script at some
point to clean up /etc/krb5.keytab.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-305-keytab.patch
Type: application/mbox
Size: 13126 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091030/de38dfd3/attachment.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091030/de38dfd3/attachment.bin>
More information about the Freeipa-devel
mailing list