delete_principal does not delete the principal from the Database file
Aravind Jerubandi
aravind.jerubandi at gmail.com
Mon Jul 16 14:24:48 EDT 2012
Thanks for the prompt response.
Really appreciate it.
On Mon, Jul 16, 2012 at 10:59 AM, Nico Williams <nico at cryptonector.com>wrote:
> On Mon, Jul 16, 2012 at 12:48 PM, Aravind Jerubandi
> <aravind.jerubandi at gmail.com> wrote:
> > Recently we deleted large number of records and currently we have 0.95M
> > user accounts. But the principal file size is still 4.4G.
> >
> > Looks like KDC does not delete the principals from the database file, but
> > just disables it. Is there a way to permanently delete the principals and
> > reduce the principal file size?
>
> What actually happens is that freeing space in the DB file does not
> result in the file shrinking in size. The reason is that the space
> freed is not necessarily at the end of the file, and compacting the
> file would impose a long wait.
>
> If you want to reclaim that space just dump and reload the KDB.
>
> > (the number of accounts info is taken from the attribute value 'Reference
> > count' which we get with the 'get_policy' command)
>
> IIRC there are (were?) races in the updating of the policy reference
> counts, so those may not be accurate. Also, this doesn't tell you
> anything about principals with no policy.
>
> Nico
> --
>
--
Thanks & Regards,
J.Aravind
More information about the Kerberos
mailing list