Propagation
Service Key Table (v5srvtab)
Step 2. command: ext
Name of Principal (host/fqdn@REALM): <Principal Name>
Service Key Table File Name (/opt/krb5/v5srvtab): <SrvTab> Principal modified
Key extracted
Creating a New Service Key Table File
Each secured daemon requires a service principal account and the principal’s key must be extracted to a service key table file. When you create a new service key table file, you must consider the number of daemons that reside on the system.
When you are creating a new service key table file, ensure that:
•A single key table file must be readable only by one user account. Do not set the
•For a host/principal, you must use the default key table name, /opt/krb5/v5srvtab, and this must be owned by the root user.
•If some secured daemons on a single system run under the same UNIX account, you can store more than one key in a given key table file.
•If secured daemons on one system run as more than one UNIX account, you must create one key table file for each UNIX account used by one of the secured daemons on the local system. To do this, use the ktutil command:
For more information on using the ktutil command, refer to the ktutil manpage.
Deleting Older Keys From the Service Key Table File
To remove principal entries from the service key table file, use ktutil. Refer to the ktutil manpage, for more information.
Chapter 7 | 211 |