| Administering the Kerberos Server |
| Extracting Service Keys |
| If you change the default name and location to a different name and |
| location than the programs of the Kerberos server, you must edit the |
| settings to indicate the new location of the service key table file. |
Step | 8. Select the Generate New Random Key before Extracting option. HP |
| recommends that you select this option for increased security because it |
| generates a new random key before the principal and key are extracted |
| to the service key table. |
Step | 9. Click OK to extract the principal and its key to the service key table. If a |
| service key table file does not exist in the selected directory, a new file is |
| created. You cannot create a service key if the selected directory does not |
| exist. |
| Consider the following points while extracting principal keys to the |
| service key table: |
•HP recommends that you
•If the host system contains more than one service principal account, extract the service key for each principal individually.
•The extracted key is appended to an existing service key table file. If the extracted key has the same principal name as an existing table entry, the old key is overwritten with the new extracted key.
•Extracting a random key may modify the salt types of the principal whose key is being extracted. This is a normal side effect of generating a random key because a random key implies a salt type of v5 (none).
Chapter 8 | 179 |