How to programmatically clear the Kerberos cache cache

Question

How to programmatically clear the Kerberos cache cache

Does anyone know how to clear the Kerberos cache cache on the local computer - using managed \ unmanaegd code?

Thanks in advance!

+7

c ++ c # windows kerberos

rkellerm Feb 15 '10 at 14:13

source share

4 answers

The easiest way is to take the Microsoft KList source code (included in the SDK \ Samples platform) and do the same ...

+1

rkellerm Mar 23 '10 at 9:38

source share

There is an example of “managed C #” for cleaning kerberos tickets using pInvoke at https://github.com/ErtiEelmaa/StackOverflow/blob/master/GroupPolicyUtilities.cs

Copy / paste is too long here. It took some time since the structures in pInvoke were invalid (for example, someone, although C ++ LONG is equal to C # LONG and yada-yada), however I tested this and it worked for me.

In addition, I noticed that there are several errors in PurgeTicket on the Windows 2003 klist.c server:

it does not clear the answer
it double-checks the same “RESULT” instead of checking “RESULT” and then “SUB-RESULT”

+1

Erti-Chris Eelmaa Sep 14 '14 at 16:07

source share

Simple, stupid way:

system("kdestroy");

Or, if you want to be more legit, just check the source of the kdestroy implementation. krb5_cc_destroy() seems to be the corresponding function call.

0

John zwinck Feb 15 '10 at 16:32

source share

Christopher G. Lewis · Accepted Answer · 2010-02-16T04:51:23+0000

It seems to me that you need to call LsaCallAuthenticationPackage with KERB_PURGE_TKT_CACHE_REQUEST after using LsaConnectUntrusted or LsaRegisterLogonProcess . Sorry, no specifics, but I don't have my code for this around ...

How to programmatically clear the Kerberos cache cache

More articles: