Configuration Guide for Kerberos Client Products on HP-UX

Introduction to the Kerberos Products and GSS-API

KRB5 Client Software

Chapter 260

• I - Initial

• i - invalid

-s The -s option sets exit status without klist output.

-k The -k option lists keys held in a keytab file.

-t The -t option displays the time entry timestamps for

each keytab entry in the keytab file.

-K The -K option displays the value of the encryption key

in each keytab entry in the keytab file.

Reference To view the klist manpage, issue the following command:

$ man 1 klist

The kdestroy Utility

Description The kdestroy utility destroys the user’s active Kerberos authorization

tickets by writing zeros to the specified credentials cache that contains

them. If the credential cache is not specified, the default credential cache

is destroyed.

A user's credentials are not automatically removed by exiting from a

SHELL or logging out. You need to remove the credential cache files

manually before logging out using the kdestroy command.

If you use the csh shell, you can include kdestroy in the .logout file in

your home directory. Additionally, the system administrator can remove

expired credential cache files using either a start script or a cron job to

recover disk space and prevent maliciously access to the network

credentials.

Synopsis

/usr/bin/kdestroy [-q]

/usr/bin/kdestroy [-c] [cache_name]

Options -q The -q option suppresses beeps if it fails to destroy the

user’s tickets.

-c The -c option uses cache_name as the credentials

(ticket) cache name and location; if cache_name is not

specified, the default cache name and location are used.

Reference To view the kdestroy manpage, issue the following command: