On Mon, Jul 16, 2012 at 12:48 PM, Aravind Jerubandi <[email protected]> wrote: > Recently we deleted large number of records and currently we have 0.95M > user accounts. But the principal file size is still 4.4G. > > Looks like KDC does not delete the principals from the database file, but > just disables it. Is there a way to permanently delete the principals and > reduce the principal file size?
What actually happens is that freeing space in the DB file does not result in the file shrinking in size. The reason is that the space freed is not necessarily at the end of the file, and compacting the file would impose a long wait. If you want to reclaim that space just dump and reload the KDB. > (the number of accounts info is taken from the attribute value 'Reference > count' which we get with the 'get_policy' command) IIRC there are (were?) races in the updating of the policy reference counts, so those may not be accurate. Also, this doesn't tell you anything about principals with no policy. Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
