Commands Reference, Volume 3

kdestroy Command

Purpose

Destroys a Kerberos credentials cache.

Syntax

kdestroy [ -q] [ -c cache_name | -e expired_time]

Description

The kdestroy command deletes a Kerberos credentials cache file.

If you specify the -e flag, the command checks all of the credentials cache files in the default cache directory (/var/krb5/security/creds) and deletes any file which contains only expired tickets, provided the tickets have been expired for the specified expired_time.

Flags

-c cache_name

Specifies the name of the credentials cache you want to destroy. The default credentials cache is destroyed if you do not specify a command flag.

If the KRB5CCNAME environment variable is set, its value is used to name the default credentials (ticket) cache.

This flag is mutually exclusive with the -e flag.

-e expired_time

Specifies that all credentials cache files containing expired tickets be deleted if the tickets have been expired at least as long as the expired_time value.

The expired_time is expressed as nwndnhnmns, where:

n: represents a number
w: represents weeks
d: represents days
h: represents hours
m: represents minutes
s: represents seconds

You must specify the expired_time components in this order but you can omit any component. For example, 4h5m represents four hours and 5 minutes and 1w2h represents 1 week and 2 hours. If you only specify a number, the default is hours.

-q Suppress the beep when kdestroy fails to destroy the ticket.

Security

To delete a credentials cache, the user must be the owner of the file or must be a root (uid 0) user.

Examples

To delete the default credentials cache for the user, type:
```
kdestroy
```
To delete all credentials cache with expired tickets older than one day, type:
```
kdestroy -e 1d
```

Files

/usr/krb5/bin/kdestroy
/var/krb5/security/creds/krb5cc_[uid]	default credentials cache ([uid] is the UID of the user.)

Related Information

The kinit command, klist command, and env command.