Administering the Kerberos Server

Principals

Deleting a service principal using one of the Kerberos administrative utilities removes the principal name, attributes, and properties from the database.

For a service principal, you need to perform an additional step of removing its secret key, which is stored in the service key table file on the host of the service. This key is not deleted when the service principal is removed from the database. Therefore, you must manually delete the secret key from the database.

If a host contains only one service, you can delete the service key table file. The default name for the file is v5srvtab.

If multiple services share the same service key table file, remove the service key for the deleted service principal account from the service key table file. For information on deleting keys from the service key table file, see “Deleting Older Keys from the Service Key Table File” on page 245.

Chapter 8

129

Page 129
Image 129
HP UX Kerberos Data Security Software manual