kdestroy Command

Purpose

Destroys a Kerberos credentials cache.

Syntax

kdestroy [ -q] [ -c cache_name | -e expired_time]

Description

The kdestroy command deletes a Kerberos credentials cache file.

If you specify the -e flag, the command checks all of the credentials cache files in the default cache directory (/var/krb5/security/creds) and deletes any file which contains only expired tickets, provided the tickets have been expired for the specified expired_time.

Flags

Flags Description
Item Description
-c cache_name Specifies the name of the credentials cache you want to destroy. The default credentials cache is destroyed if you do not specify a command flag.

If the KRB5CCNAME environment variable is set, its value is used to name the default credentials (ticket) cache.

This flag is mutually exclusive with the -e flag.
-e expired_time Specifies that all credentials cache files containing expired tickets be deleted if the tickets have been expired at least as long as the expired_time value.

The expired_time is expressed as nwndnhnmns, where:

n
represents a number
w
represents weeks
d
represents days
h
represents hours
m
represents minutes
s
represents seconds

You must specify the expired_time components in this order but you can omit any component. For example, 4h5m represents four hours and 5 minutes and 1w2h represents 1 week and 2 hours. If you only specify a number, the default is hours.
-q Suppress the beep when kdestroy fails to destroy the ticket.

Security

To delete a credentials cache, the user must be the owner of the file or must be a root (uid 0) user.

Examples

  1. To delete the default credentials cache for the user, type: 
    kdestroy
  2. To delete all credentials cache with expired tickets older than one day, type: 
    kdestroy -e 1d

Files

Files
Item Description
/usr/krb5/bin/kdestroy  
/var/krb5/security/creds/krb5cc_[uid] default credentials cache ([uid] is the UID of the user.)