HP (Hewlett-Packard) E0905 Server User Manual


 
Chapter 8: Administering the Kerberos Server
Destroying the Kerberos Database
The kdb_destroy utility securely removes the principal database. This
utility runs on the primary and secondary security servers. If you run
this utility using command-line options, it prompts you with a
confirmation message and then removes the default principal database,
/krb5/principal. To confirm the deletion, type yes; otherwise,
kdb_destroy returns the message Database not destroyed.
This tool destroys only the principal.* files. You must handle the other
files that store the principal information separately. To destroy
admin_acl_file, manually delete it. To destroy the key table files, use
the ktutil tool.
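The check below is an added example, not part of the HP manual: a shell function that reports which Kerberos files are still present in a server directory after kdb_destroy has run, so that admin_acl_file and the key tables are not overlooked. The directory argument and the *.keytab suffix are assumptions; the .k5.* pattern follows the key file name shown in the sample output.

```shell
#!/bin/sh
# Added example (not from the HP manual): report Kerberos files still present
# in a server directory after kdb_destroy has run.
# Assumptions: the directory is passed as $1; key tables are recognised by a
# *.keytab suffix; the ACL file is literally named admin_acl_file.

# audit_krb_leftovers DIR
# Prints "category<TAB>path" for each leftover; returns 1 if any were found.
audit_krb_leftovers() {
    dir=$1
    found=0
    for entry in \
        "database:principal" "database:principal.*" \
        "keyfile:.k5.*" \
        "acl:admin_acl_file" \
        "keytab:*.keytab"
    do
        category=${entry%%:*}
        pattern=${entry#*:}
        # $pattern is left unquoted on purpose so the shell expands the glob.
        for path in "$dir"/$pattern; do
            [ -e "$path" ] || continue   # an unmatched glob stays literal
            printf '%s\t%s\n' "$category" "$path"
            found=1
        done
    done
    [ "$found" -eq 0 ]
}

# Constructed demo: a throwaway directory that mimics the state where the
# principal.* files are gone but the other files were not handled.
demo=$(mktemp -d)
touch "$demo/admin_acl_file" "$demo/host.keytab"
audit_krb_leftovers "$demo" || echo "manual cleanup still required"
rm -rf "$demo"
```

A non-zero return means at least one file still needs to be removed by hand or with ktutil.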
To ensure that no one reads the previous contents of the database files,
kdb_destroy writes 0s (zeros) to the original files before it deletes them.
The general syntax for destroying the Kerberos database is as follows:
kdb_destroy [-f keyfile]
The kdb_destroy utility uses the following options:
-f keyfile   Destroys an alternative key file named keyfile.
-e enctype   Specifies the encryption and checksum mechanism of
             the primary principal. The following encryption
             types are supported:
               3DES or 5: DES3-CBC-MD5 (default)
               DES-MD5 or 3: DES-CBC-MD5
               DES-CRC or 1: DES-CBC-CRC
NOTE: If you do not specify one of the encryption types listed
above, the default, DES3-CBC-MD5, is used.
Following is an example output of the kdb_destroy utility:
shell% kdb_destroy
keyfile: /opt/krb5/.k5.DCETST3.FINANCE.BAMBI.COM
Deleting KDC database stored in ‘/opt/krb5/principal’, are you