![[Return to Library]](../books.gif)
![[Contents]](../toc.gif)
![[Previous Topic]](../prev.gif)
![[Bottom of Topic]](../bot.gif)
![[Next Topic]](../next.gif)
![[Index]](../index.gif)
Purpose
Removes a server encryption key from the /usr/afs/etc/KeyFile file
Synopsis
bos removekey -server <machine name> -kvno <key version number>+
[-cell <cell name>] [-noauth] [-localauth] [-help]
bos removek -s <machine name> -k <key version number>+
[-c <cell name>] [-n] [-l] [-h]
Description
The bos removekey command removes each specified encryption key from the /usr/afs/etc/KeyFile file on the machine named by the -server argument. Use the -kvno argument to identify each key by its key version number; use the bos listkeys command to display the key version numbers.
Cautions
Before removing a obsolete key, verify that the cell's maximum ticket lifetime has passed since the current key was defined using the kas setpassword and bos addkey commands. This ensures that no clients still possess tickets encrypted with the obsolete key.
Options
In cells that run the United States edition of AFS and use the Update Server to distribute the contents of the /usr/afs/etc directory, it is conventional to specify only the system control machine as a value for the -server argument. In cells that run the international version of AFS, repeat the command for each file server machine. For further discussion, see the introductory reference page for the bos command suite.
Examples
The following command removes the keys with key version numbers 5 and 6 from the KeyFile file on the system control machine fs1.abc.com.
% bos removekey -server fs1.abc.com -kvno 5 6
Privilege Required
The issuer must be listed in the /usr/afs/etc/UserList file on the machine named by the -server argument, or must be logged onto a server machine as the local superuser root if the -localauth flag is included.
Related Information
![[Top of Topic]](../top.gif)