Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ncdestroy(1) [osx man page]

NCDESTROY(1)						    BSD General Commands Manual 					      NCDESTROY(1)

NAME
ncdestroy -- Destroy kernel NFS credentials SYNOPSIS
ncdestroy [-v] [-P] [path [path...]] DESCRIPTION
ncdestroy invalidates the caller's kernel GSS credentials for any of the specified path's associated NFS mounts. If no paths are specified then all the caller's associated credentials for all NFS file systems are destroyed. When a nfs file system is mounted using a GSS mechanism (currently only Kerberos is supported) through the ``sec='' option or by the export specified on the server, the resulting session context is stored in a table for each mount. If the user decides to finish his or her session or chooses to use a different credential, then ncdestroy can be called to invalidate those credentials in the kernel. New credentials can be obtain (typically by calling kinit) and those credentials can be used when accessing the mount. The options are as follows: -v Be verbose and show what file system is being operated on and any resulting errors. -P If the trailing component resolves to a symbolic link do not resolve the link but use the current path to determine any associate NFS file system. EXAMPLES
If leaving for the day: $ kdestroy -A $ ncdestroy Lets say a user does $ kinit user@FOO.COM And through the automounter access a path /Network/Serves/someserver/Sources/foo/bar where the mount of /Network/Servers/some- server/Sources/foo was done with user@FOO.COM. $ cat /Network/Servers/someserver/Sources/foo/bar cat: /Network/Servers/someserver/Sources/foo/bar: Permission denied The user realizes that in order to have access on the server his identity should be user2@BAR.COM. So: $ kdestroy -A $ kinit user2@BAR.COM $ ncdestroy /Network/Servers/someserver/Sources/foo Now the local user can access bar NOTES
In the above example the user destroyed all credentials so the only credential to choose was new credential user2@BAR.COM. However, if accessing the server with user@FOO.COM was done by getting a cross realm TGT to obtain the service ticket nfs/some.server.fqdn@BAR.COM, then it won't be necessary to use kdestroy. The GSS infrastructure will prefer to use credentials in the same realm as the service. DIAGNOSTICS
The ncdestroy command will exit with 1 if any of the supplied paths don't exist. If all paths exist or no paths are given the exit status will be 0. SEE ALSO
kinit(1), kdestroy(1), mount_nfs(8) BUGS
There should be an option to kdestroy to destroy cached nfs contexts. BSD
December 10, 2012 BSD

Check Out this Related Man Page

kdestroy(1)                                                        User Commands                                                       kdestroy(1)

NAME
kdestroy - destroy Kerberos tickets SYNOPSIS
/usr/bin/kdestroy [-q] [-c cache_name] DESCRIPTION
The kdestroy utility destroys the user's active Kerberos authorization tickets by writing zeros to the specified credentials cache that contains them. If the credentials cache is not specified, the default credentials cache is destroyed. If the credentials cache does not exist, kdestroy displays a message to that effect. After overwriting the cache, kdestroy removes the cache from the system. The utility displays a message indicating the success or failure of the operation. If kdestroy is unable to destroy the cache, it will warn you by making your terminal beep. If desired, you can place the kdestroy command in your .logout file so that your tickets are destroyed automatically when you logout. OPTIONS
The following options are supported: -c cache_name Uses cache_name as the credentials (ticket) cache name and location. If this option is not used, the default cache name and location are used. -q Runs quietly. Your terminal will not beep when kdestroy fails to destroy the tickets. ENVIRONMENT VARIABLES
kdestroy uses the following environment variable: KRB5CCNAME Location of the credentials (ticket) cache. See krb5envvar(5) for syntax and details. FILES
/tmp/krb5cc_uid Default credentials cache (uid is the decimal UID of the user). ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWkrbu | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ |Command arguments |Evolving | +-----------------------------+-----------------------------+ |Command output |Unstable | +-----------------------------+-----------------------------+ SEE ALSO
kinit(1), klist(1), attributes(5), krb5envvar(5), SEAM(5) BUGS
Only the tickets in the specified credentials cache are destroyed. Separate ticket caches are used to hold root instance and password changing tickets. These files should probably be destroyed too, or all of a user's tickets should be kept in a single credential cache. AUTHORS
Steve Miller, MIT Project Athena/Digital Equipment Corporation; Clifford Neuman, MIT Project Athena Bill Sommerfeld, MIT Project Athena SunOS 5.10 30 Apr 2004 kdestroy(1)
Man Page

Featured Tech Videos