Filter
Top Products
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8 207
Extracting a Principal
The ext command securely extracts the key of the principal into a local
service key table file. By default, the host/fqdn@REALM principal is
extracted into the v5srvtab file, where fqdn is the fully qualified domain
name of the host system.
If the principal does not exist in the principal database, it is added with
the name that you have specified. If the service key table file does not
exist, it is created with the name that you have specified.
If the principal exists, kadmin resets the key version to 1 by overwriting
the previous key and extracting the key that is created using a new
password and no salt key. To extract the key without any modifications,
use the -n option.
The general syntax for extracting a principal and a key to a local service
key table file is as follows:
command: ext
For example, to extract the principal admin to a local service key table
file, SrvTab, type kadmin at the HP-UX prompt and specify the ext
command, the principal name, and the service key table file name.
Following is a sample output for the ext command:
command: ext
Name of Principal (host/fqdn@REALM): admin
Service Key Table File Name (/opt/krb5/v5srvtab):/opt/SrvTab
Principal modified
Key extracted
The optional parameters are as follows:
[-n] Extracts the key for an existing principal without
changing the key or the salt type.
[-p keytype] Defines the key type for the primary key, and extracts
it to the service key table file. Supported values for
keytype are 1 for DES-CRC, 3 for DES-MD5, and 5 for
3DES.
[-a keytype] Defines the key type for the secondary key, and extracts
it to the service key table file.
Supported values for key type are 0 for no secondary
key, 1 for DES-CRC, 3 for DES-MD5, and 5 for 3DES.