HP (Hewlett-Packard) E0905 Server User Manual


 
Propagating the Kerberos Server
Service Key Table
To extract the key of the principal <principal_name> to a local service
key table file, <SrvTab>, type kadmin at the HP-UX prompt, then specify
the ext command, the principal name, and the service key table file name.
The following is sample output for the ext command:
command: ext
Name of Principal (host/fqdn@REALM): <Principal Name>
Service Key Table File Name (/opt/krb5/v5srvtab): <SrvTab>
Principal modified
Key extracted
Creating a New Service Key Table File
Each secured daemon requires a service principal account. You must
extract the key of the principal to the service key table file. When you
create a new service key table file, you must consider the number of
daemons that reside on the system.
When you create a new service key table file, consider the following:
• Ensure that each key table file is readable by only one user
  account. Do not grant read, write, or execute permissions to group
  or world.
• For a host/principal, you must use the default key table name,
  /opt/krb5/v5srvtab, and this file must be owned by the root user.
• If some secured daemons on a single system run under the same
  UNIX account, you can store more than one key in a given key
  table file.
• If secured daemons on one system run under more than one UNIX
  account, you must create one key table file for each UNIX account
  used by one of the secured daemons on the local system. To do this,
  use the ktutil command.
For more information on the ktutil command, type man 1 ktutil
at the HP-UX prompt.
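The checklist above can be verified mechanically. The following shell
functions are an added example, not part of the HP manual; the
"account keytab-path" inventory format read by audit_keytabs is an
assumption made for illustration.

```shell
#!/bin/sh
# Added example (not from the HP manual): audit key table files against the
# checklist above. Paths and account names must not contain whitespace.
DEFAULT_KEYTAB=/opt/krb5/v5srvtab   # default key table name from the manual

# check_keytab FILE OWNER: succeed only if FILE is a regular file (not a
# symlink) owned by OWNER with no group or world permission bits set.
check_keytab() {
    kt_file=$1; kt_owner=$2
    # The default (host) key table must be owned by root.
    if [ "$kt_file" = "$DEFAULT_KEYTAB" ]; then kt_owner=root; fi
    if [ -h "$kt_file" ] || [ ! -f "$kt_file" ]; then
        echo "FAIL $kt_file: missing, a symlink, or not a regular file"; return 1
    fi
    # ls -ld prints: mode links owner group size date name
    kt_ls=$(ls -ld "$kt_file")
    kt_mode=$(echo "$kt_ls" | awk '{print $1}')
    kt_actual=$(echo "$kt_ls" | awk '{print $3}')
    if [ "$kt_actual" != "$kt_owner" ]; then
        echo "FAIL $kt_file: owned by $kt_actual, expected $kt_owner"; return 1
    fi
    case $kt_mode in
        ????------*) echo "OK   $kt_file" ;;  # no group/world bits
        *) echo "FAIL $kt_file: group/world bits set ($kt_mode)"; return 1 ;;
    esac
}

# audit_keytabs: read "account keytab-path" lines on stdin, one per secured
# daemon (a hypothetical inventory format). Returns non-zero if any file
# fails check_keytab or is listed under more than one account.
audit_keytabs() {
    kt_in=$(cat); kt_rc=0
    kt_shared=$(echo "$kt_in" | awk 'NF >= 2 {
        if (($2 in seen) && seen[$2] != $1) print $2; seen[$2] = $1 }' | sort -u)
    for kt_p in $kt_shared; do
        echo "FAIL $kt_p: shared by more than one UNIX account"; kt_rc=1
    done
    while read -r kt_acct kt_path; do
        [ -n "$kt_path" ] || continue
        check_keytab "$kt_path" "$kt_acct" || kt_rc=1
    done <<EOF
$kt_in
EOF
    return $kt_rc
}
```

Run audit_keytabs as root so that every key table file can be inspected,
feeding it one line per secured daemon.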
Deleting Older Keys from the Service Key Table File
To remove principal entries from the service key table file, use the
ktutil command. For more information on the ktutil command, type
man 1 ktutil at the HP-UX prompt.