Does anyone know how to clear out the Kerberos ticket cache on the local computer - using managed \ unmanaegd code?
Thanks in advance!
Add a comment |
4 Answers
I believe you need to do a call to LsaCallAuthenticationPackage using KERB_PURGE_TKT_CACHE_REQUEST after using either LsaConnectUntrusted or LsaRegisterLogonProcess. Sorry no specifics, but I don't have my code for this around...
answered Feb 16, 2010 at 4:51
Christopher G. Lewis
4,8531 gold badge30 silver badges46 bronze badges
4 Comments
rkellerm
Hi, It works excellent. In addition, is there a managed way to do that?
Christopher G. Lewis
Wrapping in pInvokes for managed code. See if these are at pInvoke.Net, if not, that site has got tons of information.
rkellerm
Yes, PInvoke works, but I wonder if there is a built in classes in the dot net framework to do that.
Shankar R10N
@rursw1 Please excuse the previous unrelated comment. This is the only way to contact users in SO :). I will remove it as I get Christopher_G_Lewis' response or by Aug 29.Please ping me if you want comment removed earlier than Aug 29.Thanks!
The most simple way is to take the source code of Microsoft's KList (Included in the platform SDK\ Samples), and to do like them...
Comments
There is a "managed C#" example of purging kerberos tickets using pInvoke at https://github.com/ErtiEelmaa/StackOverflow/blob/master/GroupPolicyUtilities.cs
Way too long to copy/paste here. It took some time since structures in pInvoke were invalid(eg someone though C++ LONG is equal to C# LONG and yada-yada), however, I've tested this one, and it worked for me.
Also, I noticed that the Windows server 2003 klist.c has few bugs in PurgeTicket:
- it does not clean up the response
- it double-checks the same "RESULT", instead of checking "RESULT" and then "SUB-RESULT"
1 Comment
rkellerm
Thank you - first for the reference (although it's PInvoke, so not exactly managed...) and second for MSFT's KList bugs. I'll check my code and fix the bugs if they are there.
The simple, stupid way:
system("kdestroy"); Or if you want to be more legit, just check out the source of a kdestroy implementation. krb5_cc_destroy() seems to be the relevant function call.
