kdestroy Command

Purpose

Destroys a Kerberos credentials cache.

Syntax

kdestroy [ -q ] [ -c cache_name | -e expired_time ]

Description

The kdestroy command deletes a Kerberos credentials cache file.

If you specify the -e flag, the command checks all of the credentials cache files in the default cache directory (/var/krb5/security/creds) and deletes any file which contains only expired tickets, provided the tickets have been expired for the specified expired_time.

Flags

Item Description
-c cache_name Specifies the name of the credentials cache you want to destroy. The default credentials cache is destroyed if you do not specify a command flag.

If the KRB5CCNAME environment variable is set, its value is used to name the default credentials (ticket) cache.

This flag is mutually exclusive with the -e flag.

-e expired_time Specifies that all credentials cache files containing expired tickets be deleted if the tickets have been expired at least as long as the expired_time value.

The expired_time is expressed as nwndnhnmns, where:

n    represents a number
w    represents weeks
d    represents days
h    represents hours
m    represents minutes
s    represents seconds

You must specify the expired_time components in this order, but you can omit any component. For example, 4h5m represents 4 hours and 5 minutes, and 1w2h represents 1 week and 2 hours. If you specify only a number, the default unit is hours.

-q Suppresses the beep when kdestroy fails to destroy the ticket.

Security

To delete a credentials cache, the user must be the owner of the file or must be the root user (uid 0).

Examples

  1. To delete the default credentials cache for the user, type:
    kdestroy
  2. To delete all credentials cache files whose tickets have been expired for at least one day, type:
    kdestroy -e 1d
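
The expired_time grammar described under the -e flag, as an added shell example that is not part of the original command documentation: the hypothetical function expired_to_seconds converts a value to seconds so that a cleanup script can validate it before passing it to kdestroy -e. Rejecting a trailing number without a unit in a multi-component value (such as 1w2) is an assumption; the page defines the hours default only for a bare number.

```sh
# Added example (not from the kdestroy documentation).
# expired_to_seconds VALUE: print VALUE in seconds, or return 1 if malformed.
expired_to_seconds() {
    ets_rest=$1
    ets_total=0
    ets_last=0                      # rank of the previous unit; enforces w,d,h,m,s order
    [ -n "$ets_rest" ] || return 1
    case $ets_rest in
        *[!0-9]*) ;;                # has unit letters (or junk): parse below
        *) ets_rest=${ets_rest}h ;; # bare number: the default unit is hours
    esac
    while [ -n "$ets_rest" ]; do
        ets_num=${ets_rest%%[!0-9]*}            # leading digits
        [ -n "$ets_num" ] || return 1           # unit with no number, or junk
        ets_rest=${ets_rest#"$ets_num"}
        ets_unit=${ets_rest%"${ets_rest#?}"}    # first remaining character
        ets_rest=${ets_rest#?}
        case $ets_unit in
            w) ets_rank=1 ets_mult=604800 ;;
            d) ets_rank=2 ets_mult=86400 ;;
            h) ets_rank=3 ets_mult=3600 ;;
            m) ets_rank=4 ets_mult=60 ;;
            s) ets_rank=5 ets_mult=1 ;;
            *) return 1 ;;          # unknown unit, or (assumption) trailing number
        esac
        [ "$ets_rank" -gt "$ets_last" ] || return 1   # out of order or repeated
        ets_last=$ets_rank
        # Strip leading zeros so the shell does not read 08 as invalid octal.
        ets_num=${ets_num#"${ets_num%%[1-9]*}"}
        ets_total=$((ets_total + ${ets_num:-0} * ets_mult))
    done
    echo "$ets_total"
}

# Constructed sample values: the first four are valid, the last two are not.
for v in 1d 4h5m 1w2h 3 5m4h 2x; do
    if secs=$(expired_to_seconds "$v"); then
        echo "$v = $secs seconds"
    else
        echo "$v: invalid expired_time" >&2
    fi
done
```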

Files

Item Description
/usr/krb5/bin/kdestroy Contains the kdestroy command.
/var/krb5/security/creds/krb5cc_[uid] Default credentials cache ([uid] is the UID of the user).