To remove all obsolete keys from a keytab file, do the following:
1. Verify that you have the necessary privilege to issue the command. You must be included in the admin.bos list on the machine on which the keytab file to be affected is located. If necessary, issue the bos lsadmin command to check the admin.bos list on the appropriate machine.
2. Remove obsolete keys (those keys that are no longer in use) from the keytab file with the bos gckeys command:
$ bos gckeys -server machine [-principal name]
The -principal name option is the principal name for which obsolete keys are to be removed from the keytab file. The default is the DFS principal name of the machine specified with -server.