Administration

Destroying the Kerberos Database

The kdb_destroy utility securely removes the principal database. This utility runs on the primary and secondary security servers. If you run this utility from the command line, it prompts you for confirmation and then removes the default principal database, /krb5/principal. To confirm the request, you must type the word “yes”; otherwise kdb_destroy returns the message “Database not destroyed”.

This tool destroys only the principal.* files. The other files that store principal information must be handled separately: to destroy the admin_acl_file, delete it manually; to destroy the key table files, use ktutil.

To ensure that no one reads the previous contents of the database files, kdb_destroy writes zeros to the original files before it deletes them.

The general syntax is:

kdb_destroy [-f keyfile]

The kdb_destroy utility uses the following options:

-f keyfile    Destroys an alternative key file named keyfile.

The following is an example of using kdb_destroy:

shell% kdb_destroy

keyfile: /opt/krb5/.k5.DCETST3.FINANCE.BAMBI.COM

Deleting KDC database stored in ‘/opt/krb5/principal’, are you sure?

(type ‘yes’ to confirm)?

Database destroyed!
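The following shell script is an added illustration, not part of the HP-UX manual or the kdb_destroy utility itself, that models the three behaviours described above on a scratch directory: the “yes” confirmation gate, overwriting each principal.* file with zeros before unlinking it, and leaving admin_acl_file and the key table untouched so that they must be cleaned up separately. All function names and the constructed sample files are hypothetical.

```shell
#!/bin/sh
# Added example modelling kdb_destroy's documented behaviour on a scratch
# directory. Function names and sample files are constructed for this demo.

# Create a scratch "database directory" holding constructed stand-ins for
# the principal.* files, the admin_acl_file and a key table.
setup_demo_db() {
    dir=$(mktemp -d)
    printf 'constructed principal data\n' > "$dir/principal.db"
    printf 'constructed principal index\n' > "$dir/principal.ok"
    printf '*/admin@EXAMPLE.COM *\n' > "$dir/admin_acl_file"
    printf 'constructed key table bytes\n' > "$dir/krb5.keytab"
    echo "$dir"
}

# Overwrite a file with zeros of its own length, then unlink it.
# This mirrors the manual's statement that kdb_destroy writes zeros to the
# original files before deleting them.
zero_and_delete() {
    f=$1
    size=$(wc -c < "$f" | tr -d ' ')
    dd if=/dev/zero of="$f" bs=1 count="$size" conv=notrunc 2>/dev/null
    rm -f "$f"
}

# Destroy principal.* in directory $1 only if the answer in $2 is "yes".
# Returns 0 when the database was destroyed, 1 when the request was refused.
# Only principal.* is touched; admin_acl_file and key tables are left alone.
destroy_principal_db() {
    dir=$1
    answer=$2
    if [ "$answer" != "yes" ]; then
        echo "Database not destroyed"
        return 1
    fi
    for f in "$dir"/principal.*; do
        [ -e "$f" ] || continue
        zero_and_delete "$f"
    done
    echo "Database destroyed!"
    return 0
}

# Count how many of the given paths exist (used to verify what remains).
count_existing() {
    n=0
    for f in "$@"; do
        [ -e "$f" ] && n=$((n + 1))
    done
    echo "$n"
}
```

Run `d=$(setup_demo_db); destroy_principal_db "$d" yes` to see the same “Database destroyed!” message as the manual's transcript; afterwards `ls "$d"` still shows admin_acl_file and krb5.keytab, which is exactly why the text tells you to remove those by hand and with ktutil.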

Chapter 6

195

HP UX Kerberos Data Security Software manual Destroying the Kerberos Database