29.4. Removing Keytabs
Removing a keytab and creating a new keytab is necessary, for example, when you unenroll and re-enroll a host or when you experience Kerberos connection errors.
To remove all keytabs on a host, use the ipa-rmkeytab utility, and pass these options:
--realm (-r) to specify the Kerberos realm
--keytab (-k) to specify the path to the keytab file
# ipa-rmkeytab --realm EXAMPLE.COM --keytab /etc/krb5.keytab
To remove a keytab for a specific service, use the --principal (-p) option to specify the service principal:
# ipa-rmkeytab --principal ldap/client.example.com --keytab /etc/krb5.keytab
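The following is an added example, not part of the original guide: two shell helpers that read `klist -k` output to preview which principals a `--realm` removal covers and to confirm afterwards that no entries for a service principal remain. The function names and the sample keytab listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview and verify helpers to use around ipa-rmkeytab.
# On a host, feed them real data, for example:
#   klist -k /etc/krb5.keytab | principals_in_realm EXAMPLE.COM

# Print the unique principals that belong to REALM ($1), reading
# `klist -k` output on stdin.
principals_in_realm() {
    awk -v realm="$1" '
        /^----/ { in_table = 1; next }     # entries start after the dashed rule
        in_table && NF >= 2 {
            princ = $2                      # column 1 is the KVNO
            at = match(princ, /@[^@]*$/)    # the realm follows the last "@"
            if (at && substr(princ, at + 1) == realm && !seen[princ]++)
                print princ
        }'
}

# Count the keytab entries for one service principal ($1), given with or
# without the @REALM suffix. Expect 0 after a successful --principal removal.
count_entries() {
    awk -v want="$1" '
        /^----/ { in_table = 1; next }
        in_table && NF >= 2 {
            p = $2; bare = p; sub(/@[^@]*$/, "", bare)
            if (p == want || bare == want) n++
        }
        END { print n + 0 }'
}

# Constructed sample of `klist -k` output (not taken from a real host).
sample_klist() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/client.example.com@EXAMPLE.COM
   2 host/client.example.com@EXAMPLE.COM
   1 ldap/client.example.com@EXAMPLE.COM
   3 nfs/client.example.com@OTHER.TEST
EOF
}

# Demo on the constructed sample: principals a --realm EXAMPLE.COM run covers.
sample_klist | principals_in_realm EXAMPLE.COM
```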