Introduction to the Kerberos Products and GSS-API

KRB5 Client Software

 

 

I - Initial

 

 

i - invalid

 

-s

The -soption sets exit status without klist output.

 

-k

The -koption lists keys held in a keytab file.

 

-t

The -toption displays the time entry timestamps for

 

 

each keytab entry in the keytab file.

 

-K

The -Koption displays the value of the encryption key

 

 

in each keytab entry in the keytab file.

Reference

To view the klist manpage, issue the following command:

 

$ man 1 klist

 

 

 

The kdestroy Utility

Description

The kdestroy utility destroys the user’s active Kerberos authorization

 

tickets by writing zeros to the specified credentials cache that contains

 

them. If the credential cache is not specified, the default credential cache

 

is destroyed.

 

 

 

A user's credentials are not automatically removed by exiting from a

 

SHELL or logging out. You need to remove the credential cache files

 

manually before logging out using the kdestroy command.

 

If you use the csh shell, you can include kdestroy in the .logout file in

 

your home directory. Additionally, the system administrator can remove

 

expired credential cache files using either a start script or a cron job to

 

recover disk space and prevent maliciously access to the network

 

credentials.

 

 

Synopsis

/usr/bin/kdestroy [-q]

 

/usr/bin/kdestroy [-c] [cache_name]

Options

-q

The -qoption suppresses beeps if it fails to destroy the

 

 

user’s tickets.

 

-c

The -coption uses cache_name as the credentials

 

 

(ticket) cache name and location; if cache_name is not

 

 

specified, the default cache name and location are used.

Reference

To view the kdestroy manpage, issue the following command:

 

 

 

 

60

 

 

Chapter 2