Filter
Top Products
Administering the Kerberos Server
Extracting Service Keys
Chapter 8 179
If you change the default name and location to a different name and
location than the programs of the Kerberos server, you must edit the
settings to indicate the new location of the service key table file.
Step 8. Select the Generate New Random Key before Extracting option. HP
recommends that you select this option for increased security because it
generates a new random key before the principal and key are extracted
to the service key table.
Step 9. Click OK to extract the principal and its key to the service key table. If a
service key table file does not exist in the selected directory, a new file is
created. You cannot create a service key if the selected directory does not
exist.
Consider the following points while extracting principal keys to the
service key table:
• HP recommends that you re-extract all the service keys once a
month, thereby changing the keys and reducing the risk of
compromise to the keys.
• If the host system contains more than one service principal account,
extract the service key for each principal individually.
• The extracted key is appended to an existing service key table file. If
the extracted key has the same principal name as an existing table
entry, the old key is overwritten with the new extracted key.
• Extracting a random key may modify the salt types of the principal
whose key is being extracted. This is a normal side effect of
generating a random key because a random key implies a salt type of
v5 (none).