Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Destroying the Kerberos Database
The kdb_destroy utility securely removes the principal database. This
utility runs on the primary and secondary security servers. If you run
this utility using the command line options, it prompts you for
confirmation and then removes the default principal database,
/krb5/principal. To confirm the request, you must type the word “yes”;
otherwise, kdb_destroy returns the message “Database not destroyed”.
This tool destroys only the principal.* files. The other files that store
the principal information must be handled separately. To destroy the
admin_acl_file, manually delete it. To destroy the key table files, use
ktutil.
To ensure that no one reads the previous contents of the database files,
kdb_destroy writes zeros to the original files before it deletes them.
The general syntax for this is:
kdb_destroy [-f keyfile]
The kdb_destroy utility uses the following options:
-f keyfile Destroys an alternative key file named keyfile.
The following is an example of using kdb_destroy:
shell% kdb_destroy
keyfile: /opt/krb5/.k5.DCETST3.FINANCE.BAMBI.COM
Deleting KDC database stored in ‘/opt/krb5/principal’, are you sure?
(type ‘yes’ to confirm)?
Database destroyed!
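Because kdb_destroy removes only the principal.* files, a check after decommissioning can list what still holds principal or key material. The following is an added example, not part of the HP documentation or the product: the function names are hypothetical, the /opt/krb5 default comes from the sample session above, and the location of admin_acl_file in that directory and the *.keytab naming are assumptions.

```shell
#!/bin/sh
# Added example: report Kerberos files still present after kdb_destroy.
# Usage (after sourcing this file): audit_krb_leftovers /opt/krb5
# Output: one "category<TAB>path" line per file found.
# Exit status: 0 if nothing remains, 1 if any file was found.

# _krb_report CATEGORY FILE...
# Prints each FILE that exists and records that something was found.
_krb_report() {
    krb_cat=$1
    shift
    for krb_f in "$@"; do
        # An unmatched glob is passed through literally; skip it.
        [ -e "$krb_f" ] || continue
        printf '%s\t%s\n' "$krb_cat" "$krb_f"
        KRB_LEFTOVERS=1
    done
}

# audit_krb_leftovers [DIR]
# DIR defaults to /opt/krb5, the directory shown in the sample session.
audit_krb_leftovers() {
    krb_dir=${1:-/opt/krb5}
    KRB_LEFTOVERS=0

    # Principal database: these are the files kdb_destroy should have removed.
    _krb_report database "$krb_dir"/principal "$krb_dir"/principal.*

    # Key file, named .k5.REALM in the sample session.
    _krb_report keyfile "$krb_dir"/.k5.*

    # ACL file: must be deleted manually (location is an assumption).
    _krb_report acl "$krb_dir"/admin_acl_file

    # Key tables: must be handled with ktutil (*.keytab naming is an assumption).
    _krb_report keytab "$krb_dir"/*.keytab

    [ "$KRB_LEFTOVERS" -eq 0 ]
}
```

A non-zero exit status means at least one file remains. The script only reports existence; it does not verify that removed files were overwritten.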