Deleting expired credentials cache files
The kdestroy command deletes a Kerberos credentials cache file. You can also use the Delete Kerberos Credentials Cache (DLTKRBCCF) CL command to delete credentials cache. Users need to periodically delete old credentials.
kdestroy command
The -e option causes the kdestroy command to check all of the credentials cache files in the default cache directory /QIBM/UserData/OS400/NetworkAuthentication/creds. Any file that contains only expired tickets that have been expired for the time_delta value is deleted. The time_delta option is expressed as nwndnhnmns, where n represents a number, w indicates weeks, d indicates days, h indicates hours, m indicates minutes, and s indicates seconds. The components must be specified in this order, but any component can be omitted (for example, 4h5m represents 4 hours and 5 minutes, and 1w2h represents 1 week and 2 hours). If only a number is specified, the default is hours.
- To delete your default credentials cache:
- On a Qshell command line, enter kdestroy
- On an IBM® i control language (CL) command line, enter call qsys/qkrbkdstry
- To delete all credentials cache files that have expired tickets
older than 1 day:
- On a Qshell command line, enter kdestroy -e 1d
- On a CL command line, enter call qsys/qkrbkdstry parm ('-e' '1d')
See the kdestroy usage notes on this Qshell command for specifics on its usage and restrictions.
Delete Kerberos Credentials Cache (DLTKRBCCF) command
On the IBM i command line, you can use the DLTKRBCCF command to delete the credentials cache.
To delete your default credentials cache, enter DLTKRBCCF CCF(*DFT).
To delete all credentials cache files that have expired tickets older than 1 day, enter DLTKRBCCF CCF(*EXPIRED) EXPTIME(1440).