1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
<html lang="en">
<head>
<title>Kerberos V5 System Administrator's Guide</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Kerberos V5 System Administrator's Guide">
<meta name="generator" content="makeinfo 4.5">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home">
</head>
<body>
<div class="node">
<p>
Node:<a name="The%20Keytab%20File">The Keytab File</a>,
Previous:<a rel="previous" accesskey="p" href="Network-Services-and-the-Master-Database.html#Network%20Services%20and%20the%20Master%20Database">Network Services and the Master Database</a>,
Up:<a rel="up" accesskey="u" href="Network-Services-and-the-Master-Database.html#Network%20Services%20and%20the%20Master%20Database">Network Services and the Master Database</a>
<hr><br>
</div>
<h4 class="subsection">The Keytab File</h4>
<p>For each service, there must also be a <dfn>service key</dfn> known only by
Kerberos and the service. On the Kerberos server, the service key is
stored in the Kerberos database.
<p>On the server host, these service keys are stored in <dfn>key tables</dfn>,
which are files known as <dfn>keytabs</dfn>.<a rel="footnote" href="#fn-1"><sup>1</sup></a> For example, the service keys used by
services that run as root are usually stored in the keytab file
<code>/etc/krb5.keytab</code>. <b>N.B.:</b> This service key is the equivalent
of the service's password, and must be kept secure. Data which is meant
to be read only by the service is encrypted using this key.
<div class="footnote">
<hr>
<h4>Footnotes</h4>
<ol type="1">
<li><a name="fn-1"></a>
<p>Keytabs were called
<dfn>srvtabs</dfn> in Kerberos V4.</p>
</ol><hr></div>
</body></html>
|
