1ipa-rmkeytab(1)              FreeIPA Manual Pages              ipa-rmkeytab(1)
2
3
4

NAME

6       ipa-rmkeytab - Remove a kerberos principal from a keytab
7

SYNOPSIS

9       ipa-rmkeytab [ -p principal-name ] [ -k keytab-file ] [ -r realm ] [ -d
10       ]
11
12

DESCRIPTION

14       Removes a kerberos principal from a keytab.
15
16       Kerberos keytabs are used for services (like sshd) to perform  kerberos
17       authentication.  A  keytab is a file with one or more secrets (or keys)
18       for a kerberos principal.
19
20       A kerberos service principal is a kerberos identity that  can  be  used
21       for authentication. Service principals contain the name of the service,
22       the hostname of the server, and the realm name.
23
24       ipa-rmkeytab provides two ways to remove principals.  A specific  prin‐
25       cipal  can  be  removed  or  all  principals  for  a given realm can be
26       removed.
27
28       All encryption types and versions of a principal are removed.
29
30       The realm may be included when removing a specific principal but it  is
31       not required.
32
33       NOTE: removing a principal from the keytab does not affect the Kerberos
34       principal stored in the IPA server. It merely removes  the  entry  from
35       the local keytab.
36

OPTIONS

38       -p principal-name
39              The non-realm part of the full principal name.
40
41       -k keytab-file
42              The keytab file to append the principal(s) from.
43
44       -r realm
45              A realm to remove all principals for.
46
47       -d     Debug mode. Additional information is displayed.
48

EXAMPLES

50       Remove  the  NFS  service  principal  on  the host foo.example.com from
51       /tmp/nfs.keytab.
52
53          # ipa-rmkeytab -p nfs/foo.example.com -k /tmp/nfs.keytab
54
55       Remove the ldap service principal  on  the  host  foo.example.com  from
56       /etc/krb5.keytab.
57
58          # ipa-rmkeytab -p ldap/foo.example.com -k /etc/krb5.keytab
59
60       Remove all principals for the realm EXAMPLE.COM.
61
62         # ipa-rmkeytab -r EXAMPLE.COM -k /etc/krb5.keytab
63

EXIT STATUS

65       The exit status is 0 on success, nonzero on error.
66
67       1 Kerberos initialization failed
68
69       2 Memory allocation error
70
71       3 Unable to open keytab
72
73       4 Unable to parse the principal name
74
75       5 Principal name or realm not found in keytab
76
77       6 Unable to remove principal from keytab
78
79
80
81FreeIPA                           Oct 30 2009                  ipa-rmkeytab(1)
Impressum