Reputation: 5512
How to programmatically clear the Kerberos ticket cache
Does anyone know how to clear out the Kerberos ticket cache on the local computer - using managed \ unmanaegd code?
Thanks in advance!
Upvotes: 8
Views: 5069
Answers (4)
Reputation: 26268
There is a "managed C#" example of purging kerberos tickets using pInvoke at https://github.com/ErtiEelmaa/StackOverflow/blob/master/GroupPolicyUtilities.cs
Way too long to copy/paste here. It took some time since structures in pInvoke were invalid(eg someone though C++ LONG is equal to C# LONG and yada-yada), however, I've tested this one, and it worked for me.
Also, I noticed that the Windows server 2003 klist.c has few bugs in PurgeTicket:
- it does not clean up the response
- it double-checks the same "RESULT", instead of checking "RESULT" and then "SUB-RESULT"
Upvotes: 2
Reputation: 5512
The most simple way is to take the source code of Microsoft's KList (Included in the platform SDK\ Samples), and to do like them...
Upvotes: 2
Reputation: 4836
I believe you need to do a call to LsaCallAuthenticationPackage using KERB_PURGE_TKT_CACHE_REQUEST after using either LsaConnectUntrusted or LsaRegisterLogonProcess. Sorry no specifics, but I don't have my code for this around...
Upvotes: 5
Reputation: 249223
The simple, stupid way:
system("kdestroy");
Or if you want to be more legit, just check out the source of a kdestroy implementation. krb5_cc_destroy() seems to be the relevant function call.
Upvotes: 0
Related Questions
- How can I renew Kerberos Ticket in Windows?
- Kerberos: kinit on Windows 8.1 leads to empty ticket cache
- Windows API to get information about cached Kerberos tickets
- Cannot get cached Kerberos tickets
- Kerboros cached ticket deleted after using Windows lock screen
- How do you set the Kerberos ticket lifetime from Java?
- Change Kerberos ticket cache location for java
- Checking if Kerberos tickets exist in cache
- How to clear IIS Windows Authentication cache in C#
- Generate kerberos ticket using .NET