| Where allowed to run: All environments (*ALL) Threadsafe: No |
Parameters Examples Error messages |
The Remove Kerberos Keytab Entry (RMVKRBKTE) command is used to remove an entry from the keytab file for a specified principal name. A principal name consists of the user name or service name and the name of the realm in which that user or service belongs. If a principal name and version number match an existing keytab entry, the entry is removed.
Restrictions:
The Network Authentication Service Commands and APIs support job environments for most EBCDIC CCSIDs. CCSID 290 and 5026 are not supported because of the variance of lower-case letters a to z.
| Top |
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| PRINCIPAL | Principal | Element list | Required, Positional 1 |
| Element 1: Name | Character value | ||
| Element 2: Realm | Character value, *DFT | ||
| KEYTABFILE | Keytab file | Path name, *DFT | Optional |
| Top |
Specifies the principal name of a user or service principal on a host name in a Kerberos network. The principal and key pairs in the keytab file allow services running on the host to be authenticated by a Key Distribution Center (KDC). All the principals are added to the Kerberos server which maintains a database of all users and services within a Kerberos realm.
This is a required parameter.
Element 1: Name
Specifies the principal name or service principal on a specified host name.
The Kerberos principal has a minimum length of 1 character and a maximum length of 256 characters. Valid characters are case sensitive and include all alpha-numeric characters (a-z, A-Z, 0-9) and any printable ASCII character. The principal name format is taken from the Kerberos 5 GSS-API mechanism (RFC 1964).
Special characters allowed:
/ - delimit name components.
Element 2: Realm
Specifies the realm in which the Kerberos user is registered and in which initial authentication took place.
The name has a minimum length of 1 character and a maximum length of 256 characters. Valid characters are case sensitive and include all alpha-numeric characters (a-z, A-Z, 0-9) and any printable ASCII character. The principal name format is taken from the Kerberos 5 GSS-API mechanism (RFC 1964).
Special characters allowed:
@ - start realm.
| Top |
Specifies the Kerberos keytab file where the group of principals and its keys are stored.
| Top |
Example 1: Removing a Single Keytab Entry
RMVKRBKTE PRINCIPAL(krbsvr400/my.gmyco.com *DFT)
VERSION(1) KEYTABFILE(*DFT)
This command removes the keytab entry for the principal my.gmyco.com that has a version number of 1 that is stored in the default keytab file.
Example 2: Removing All the Keytab Entries
RMVKRBKTE PRINCIPAL(krbsvr400/my.gmyco.com *DFT)
VERSION(*ALL) KEYTABFILE(*DFT)
This command removes all the entries for the principal my.gmyco.com stored in the default keytab file.
| Top |
*ESCAPE Messages
| Top |