On Fri, 2009-10-30 at 16:30 -0400, Rob Crittenden wrote: > I wasn't able to find a command-line program to remove principals from a > keytab so I wrote my own. ktutil can do it but it doesn't take > command-line arguments. Java ships a utility named ktab but adding a > huge dependency for one app seem a bit much :-) > > In any case, this program has 2 modes: > > 1. Given a keytab and a principal, remove all entries of that principal > from the keytab. This removes all versions and encryption types. > > 2. Given a realm remove all principals in that realm. I cheat a little > and insert an @ before the principal name because all this really does > is a strstr() to see if the principal in the keytab is in the realm > provided. > > This utility will be added to the ipa-client-uninstall script at some > point to clean up /etc/krb5.keytab. > > rob
ack. Rob walked me through its use on #freeipa, and it works as advertised. _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
