HP (Hewlett-Packard) E0905 Server User Manual


 
Propagating the Kerberos Server
Chapter 9, page 244
Service Key Table
The /krb5/v5srvtab file is the service key table file. It contains
service principal names with their corresponding secret keys. You must
store this file on the system that hosts the service or application that
requires an extracted key. Secured application servers use the keys in
this file to decrypt data packets that the security server encrypts
using a copy of the same key.
Maintaining Secret Keys in the Key Table File
Secret keys for service principals are randomly generated keys stored in
the service key table on the host of the service principal. Periodically, you
must change the secret keys for many service principals and delete the
old keys. This requires generating a new random key, extracting the new
key to the service key table file on the host of the service, and deleting
the older keys. HP recommends that you perform these processes at least
once a month. This reduces the risk of compromising the security of the
keys.
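An added example, not taken from the HP manual: a Python audit of a key table against the rotation guidance above, flagging superseded keys that were never deleted and current keys older than 30 days. It assumes /krb5/v5srvtab uses the MIT-style version 0x0502 key table layout, which the manual does not state; the principals, timestamps and function names are constructed for illustration.

```python
import struct

DAY, NOW = 86400, 1_700_000_000   # NOW is a constructed "current time" for the sample

def _cs(b):                       # counted string: 16-bit length + bytes
    return struct.pack(">H", len(b)) + b

def make_entry(realm, parts, ts, kvno, key):   # builds constructed sample records only
    body = struct.pack(">H", len(parts)) + _cs(realm) + b"".join(map(_cs, parts))
    body += struct.pack(">IIBH", 1, ts, kvno, 18) + _cs(key)
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02"             # constructed key table, dummy all-zero keys
    + make_entry(b"EXAMPLE.COM", [b"host", b"app1.example.com"], NOW - 5 * DAY, 3, b"\0" * 32)
    + make_entry(b"EXAMPLE.COM", [b"host", b"app1.example.com"], NOW - 40 * DAY, 2, b"\0" * 32)
    + struct.pack(">i", -6) + b"\0" * 6          # hole left by a deleted entry
    + make_entry(b"EXAMPLE.COM", [b"ftp", b"app1.example.com"], NOW - 45 * DAY, 1, b"\0" * 32))

def parse_keytab(data):
    """Return (principal, kvno, timestamp) per live entry; assumes the 0x0502 layout."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 key table")
    pos, out = 2, []
    while pos + 4 <= len(data):
        (size,), pos = struct.unpack_from(">i", data, pos), pos + 4
        if size <= 0:                            # non-positive size: deleted slot, skip it
            pos -= size
            continue
        rec, pos, off, names = data[pos:pos + size], pos + size, 2, []
        for _ in range(struct.unpack_from(">H", rec)[0] + 1):   # realm, then components
            (n,) = struct.unpack_from(">H", rec, off)
            names.append(rec[off + 2:off + 2 + n].decode())
            off += 2 + n
        _type, ts, kvno = struct.unpack_from(">IIB", rec, off)  # 8-bit key version only
        out.append(("/".join(names[1:]) + "@" + names[0], kvno, ts))
    return out

def audit(entries, now, max_age_days=30):
    """Flag superseded keys still on disk and current keys past the rotation interval."""
    newest = {}
    for princ, kvno, _ in entries:
        newest[princ] = max(kvno, newest.get(princ, 0))
    findings = []
    for princ, kvno, ts in entries:
        if kvno < newest[princ]:
            findings.append((princ, kvno, "old key not deleted"))
        elif now - ts > max_age_days * DAY:
            findings.append((princ, kvno, "key older than rotation interval"))
    return findings
```

To check a real file, pass its bytes to `parse_keytab` and the current epoch time to `audit`; the script reads only names, versions and timestamps, never the key material.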
Extracting a Key to the Service Key Table File
Only a principal whose account has the required administrative
permissions can extract the keys. To extract a key to the service key
table file on the host of the service, the principal must log on to the host
system where the service resides and use the Administrator or the
command-line administrator.
To extract a key to the service key table file using the Administrator,
complete the following steps:
Step 1. Select the principal for which you want to extract the key.
Step 2. Click Edit. The Principal Information window displays.
Step 3. Select the Edit>Extract To Service Key Table option. The Extract to
Service Key Table window displays.
For more information on extracting a key to the service key table file, see
“Extracting Service Keys” on page 178.