HP UX Kerberos Data Security Software manual Extracting Service Keys

Extracting Service Keys

Unlike users who type their password using a keyboard, a service

principal needs to have its secret key automatically available during

authentication. Therefore, store the secret key for the service principals

on the host where the service is located, in the service key table called

the v5srvtab file.

The service key table, v5srvtab, contains service principal names and

their corresponding keys. Typically, secret keys are randomly generated

for the service key table file on the host system where the service resides.

Therefore, the key can be obtained from the service key table when the

service is invoked.

You must have administrative permissions to add and delete principals

to extract the principal key to the service key table.

To extract principal keys securely to the service key table, complete the

following steps:

Step

1.

Log on to the host system where the service is located, or connect to the

remote host using the telnet <host_name> command.

Step

2.

Launch the remote administrator, HP Kerberos Administrator, and log

on using a principal account that has the required administrative

permissions.

Step

3.

In the HP Kerberos Administrator window, choose the Principals tab

and select the realm of the principal.

Step

4.

Click List All or Search to find the principal.

Step

5.

Select the principal name from List of Principals and click Edit. The

Principal Information window displays as shown in Figure 8-2.

Step

6.

Select Principal Information>Edit>Extract Service Key to display

the Extract Service Key to Service Key Table window. (Figure 8-9).

Step

7.

In the Extract Service Key to Service Key Table window, type the path

and file name for the service key file in the Service Key Table

Information box.

178

Chapter 8