Removing Entries from Keytab Files
You can remove entries from a keytab file by using the dcecp keytab remove command. When you use this command, you must supply the name of the keytab file's dced object.
When you use the keytab remove command, you must supply the name of the keytab file and the name of the principal (or a list of principals) for which to delete keys.
You can also supply the -version option to specify the version number of the key or keys to be deleted and the -type option to specify the type of keys to be deleted (plain for plain text keys or des for DES encrypted keys). If you use the -version or -type options, only keys of the specified version or type will be deleted.
The following command removes all DES keys for the principal svr_2 in the keytab file /.:/hosts/foo/config/keytab/kfile_3:
dcecp> keytab remove /.:/hosts/foo/config/keytab/kfile_3 \
> -members svr_2 -type des
dcecp>