kdestroy

The Qshell command kdestroy destroys a Kerberos credentials cache.

Syntax

kdestroy [-c cache_name] [-e time_delta]

Default public authority: *USE

Options

-c cache_name
The name of the credentials cache to be destroyed. If no command options are specified, the default credentials cache is destroyed. This option is mutually exclusive with the -e option.
-e time_delta
All credentials cache files that contain expired tickets are deleted if the tickets have been expired at least as long as the time_delta value.

Authorities

When the credentials cache is of type FILE (see krb5_cc_resolve() for more information about cache types), the default behavior is that the credentials cache file is created in the /QIBM/UserData/OS400/NetworkAuthentication/creds directory. The placement of the credentials cache file can be changed by setting the KRB5CCNAME environment variable.

If the credentials cache file does not reside in the default directory, the following authorities are required:

| Object referred to | Data authority required | Object authority required |
|---|---|---|
| Each directory in the path name preceding the credentials cache file | *X | None |
| Parent directory of the credentials cache file | *WX | None |
| Credentials cache file | *RW | *OBJEXIST |
| Each directory in the paths to the configuration files | *X | None |
| Configuration files | *R | None |
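
The following shell function is an added illustration, not part of the IBM documentation. It checks the data authorities listed in the table above for a FILE-type credentials cache outside the default directory, before kdestroy is run. It assumes that the *R, *W and *X data authorities correspond to the -r, -w and -x checks of the test utility; the function name check_cc_authorities is hypothetical, and the *OBJEXIST object authority and the configuration file authorities are not checked.

```shell
# Added example: pre-flight check of the data authorities kdestroy needs
# for a credentials cache file that is not in the default directory.
# Assumption: *R/*W/*X data authorities map to test -r/-w/-x.
# Returns 0 if all checks pass, 1 if any fails, 2 for a non-absolute path.
check_cc_authorities() {
    cc=${1#FILE:}                 # accept "FILE:/path" or a bare path
    case $cc in
        /*) ;;
        *) echo "not an absolute path: $cc" >&2; return 2 ;;
    esac
    rc=0
    parent=${cc%/*}
    [ -n "$parent" ] || parent=/

    # Each directory in the path name preceding the cache file: *X
    dir=$parent
    while :; do
        [ -x "$dir" ] || { echo "missing *X on directory: $dir" >&2; rc=1; }
        [ "$dir" = / ] && break
        dir=${dir%/*}
        [ -n "$dir" ] || dir=/
    done

    # Parent directory of the cache file: *WX (the *X part is checked above)
    [ -w "$parent" ] || { echo "missing *W on parent directory: $parent" >&2; rc=1; }

    # Credentials cache file: *RW
    [ -r "$cc" ] || { echo "missing *R on cache file: $cc" >&2; rc=1; }
    [ -w "$cc" ] || { echo "missing *W on cache file: $cc" >&2; rc=1; }

    return $rc
}
```

Each failed check is reported on standard error with the path it applies to, which helps narrow down an "Unable to destroy credentials cache" message.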

If the credentials cache file resides in the default directory, the following authorities are required:

| Object referred to | Data authority required | Object authority required |
|---|---|---|
| All directories in the path name | *X | None |
| Credentials cache file | *RW | None |
| Each directory in the paths to the configuration files | *X | None |
| Configuration files | *R | None |

To enable the Kerberos protocol to find your credentials cache file from any running process, the name of the cache file is normally stored in the home directory in a file named krb5ccname. A user who wants to use Kerberos authentication on the IBM® i platform must have a home directory defined. By default, the home directory is /home/. This file is used to find the default credentials cache if no command options are specified. The storage location of the cache file name can be overridden by setting the environment variable _EUV_SEC_KRB5CCNAME_FILE. To access this file, the user profile must have *X authority to each directory in the path and *R authority to the file where the cache file name is stored.

Messages

  • Unable to resolve credentials cache cache_file_name.
  • Unable to destroy credentials cache cache_file_name.
  • The function_name function detects an error.
  • Unable to retrieve ticket from credentials cache file_name.
  • The option_name option requires a value.
  • command_option is not a valid command option.
  • command_option_one and command_option_two may not be specified together.
  • No default credentials cache found.
  • Time delta value value is not valid.

For an example of how this command is used, see Deleting expired credentials cache files.