Administration

Principals

Removing Service Principals

When a service principal account is deleted from the database, the service account is no longer available in the network.

Deleting a service principal using one of the administration tools removes the principal name, attributes, and properties from the database.

For a service principal, an additional step is required to remove its secret key, which is stored in the service key table file on the service’s host. This key is not deleted when the service principal is removed from the database. It must be deleted manually from the service key table file.

If there is only one service on the host, you can delete the service key table file. The default name for the file is v5srvtab.

If multiple services share the same service key table file, you must remove the service key for the deleted service principal account from that file. Refer to “Deleting Older Keys From the Service Key Table File” on page 211 for information on deleting keys from the service key table file.
