Administering the Kerberos Server
Destroying the Kerberos Database
The kdb_destroy utility securely removes the principal database. This utility runs on the primary and secondary security servers. If you run this utility using
This tool destroys only the principal.* files. You must handle the other files that store the principal information separately. To destroy admin_acl_file, manually delete it. To destroy the key table files, use the ktutil tool.
To ensure that no one reads the previous contents of the database files, kdb_destroy writes 0s (zeros) to the original files before it deletes them.
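Because kdb_destroy removes only the principal.* files, other key material can remain on the server after it runs. The following check is an added example, not part of the original manual or the product: it lists what is still present in a KDC directory. The function name, the output tags and the key table path argument are assumptions; /opt/krb5 is the directory shown in the sample output in this section.

```shell
#!/bin/sh
# Added example (not from the manual): report Kerberos database material
# still present in a KDC directory after kdb_destroy has been run.
# Usage: krb5_leftovers <kdc_dir> [keytab_path]
# The keytab path is site-specific and is an assumed, optional argument.

krb5_leftovers() {
    dir=$1
    keytab=${2:-}

    # principal and principal.* are what kdb_destroy zeroes and deletes,
    # so anything found here means the destroy did not complete.
    for f in "$dir"/principal "$dir"/principal.*; do
        [ -e "$f" ] || continue      # unmatched glob stays literal; skip it
        echo "DB_REMAINS $f"
    done

    # admin_acl_file is not touched by kdb_destroy; delete it manually.
    if [ -e "$dir/admin_acl_file" ]; then
        echo "MANUAL_DELETE $dir/admin_acl_file"
    fi

    # Key files named .k5.<REALM> appear in the sample output. The manual
    # text here does not say whether they are removed, so only report them.
    for f in "$dir"/.k5.*; do
        [ -e "$f" ] || continue
        echo "REVIEW_KEYFILE $f"
    done

    # Key table files are destroyed with ktutil, not kdb_destroy.
    if [ -n "$keytab" ] && [ -e "$keytab" ]; then
        echo "KTUTIL_REQUIRED $keytab"
    fi
    return 0
}

# Stand-alone run: defaults to the directory from the sample output.
krb5_leftovers "${1:-/opt/krb5}" "${2:-}"
```

An empty result means none of the listed files were found in that directory; it does not cover backups or copies stored elsewhere.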
The general syntax for destroying the Kerberos database is as follows:
kdb_destroy
The kdb_destroy utility uses the following options:
•3DES or 5:
•
•
The default,
Following is an example output of the kdb_destroy utility:
shell% kdb_destroy
keyfile: /opt/krb5/.k5.DCETST3.FINANCE.BAMBI.COM
Deleting KDC database stored in ‘/opt/krb5/principal’, are you