kdestroy

The Qshell command kdestroy destroys a Kerberos credentials cache.

Syntax

kdestroy [-c cache_name] [-e time_delta]

Default public authority: *USE

The Qshell command kdestroy destroys a Kerberos credentials cache.

Options

-c cache_name: The name of the credentials cache to be destroyed. If no command options are specified, the default credentials cache is destroyed. This option is mutually exclusive with the -e option.
-e time_delta: All credentials cache files that contain expired tickets are deleted if the tickets have been expired at least as long as the time_delta value.

Authorities

When the credentials cache is of type FILE (see krb5_cc_resolve() for more information about cache types), the default behavior is that the credentials cache file is created in the /QIBM/UserData/OS400/NetworkAuthentication/creds directory. The placement of the credentials cache file can be changed by setting the KRB5CCNAME environment variable.

If the credentials cache file does not reside in the default directory, the following authorities are required:

Object Referred to	Data Authority Required	Object Authority Required
Each directory in the path name preceding the credentials cache file	*X	None
Parent directory of the credentials cache file	*WX	None
Credentials cache file	*RW	*OBJEXIST
Each directory in the paths to the configuration files	*X	None
Configuration files	*R	None

If the credentials cache file resides in the default directory, the following authorities are required:

Object Referred to	Data Authority Required	Object Authority Required
All directories in the path name	*X	None
Credentials cache file	*RW	None
Each directory in the paths to the configuration files	*X	None
Configuration files	*R	None

To enable the Kerberos protocol to find your credentials cache file from any running process, the name of the cache file is normally stored in the home directory in a file named krb5ccname. A user wishing to use Kerberos authentication on the iSeries™ must have a home directory defined. By default the home directory is/home/. This file is used to find the default credentials cache if no command options are specified. The storage location of the cache file name can be overridden by setting the environment variable _EUV_SEC_KRB5CCNAME_FILE. To access this file, the user profile must have *X authority to each directory in the path and *R authority to the file where the cache file name is stored.

Messages

Unable to resolve credentials cache cache_file_name.
Unable to destroy credentials cache cache_file_name.
The function_name function detects an error.
Unable to retrieve ticket from credentials cache file_name.
The option_name option requires a value.
command_option is not a valid command option.
command_option_one and command_option_two may not be specified together.
No default credentials cache found.
Time delta value value is not valid.

For an example of how this command is used, see Delete expired credentials cache files.