Propagating the Kerberos Server
Service Key Table
To extract the principal <principal_name> to a local service key table file, SrvTab, type kadmin at the
Following is a sample output for the ext command:
command: ext
Name of Principal (host/fqdn@REALM): <Principal Name>
Service Key Table File Name (/opt/krb5/v5srvtab): <SrvTab>
Principal modified
Key extracted
Creating a New Service Key Table File
Each secured daemon requires a service principal account. You must extract the key of the principal to the service key table file. When you create a new service key table file, you must consider the number of daemons that reside on the system.
When you are creating a new service key table file, consider the following:
• Ensure that a single key table file is readable only by one user account. Do not set the
• For a host/principal, you must use the default key table name, /opt/krb5/v5srvtab, and this must be owned by the root user.
• If some secured daemons on a single system run under the same UNIX® account, you can store more than one key in a given key table file.
• If secured daemons on one system run as more than one UNIX account, you must create one key table file for each UNIX account used by one of the secured daemons on the local system. To do this, use the ktutil command.
For more information on the ktutil command, type man 1 ktutil at the
To remove principal entries from the service key table file, use the ktutil command. For more information on the ktutil command, type man 1 ktutil at the
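The ownership and permission rules listed above can be checked with a short script. The following is an added example, not part of the original manual: the function name check_keytab, its numeric-UID argument and the script name in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the manual): audit a service key table file.
# check_keytab FILE EXPECTED_UID   (hypothetical helper)
#   Returns 0 when FILE is a regular file owned by EXPECTED_UID with no
#   group or other permission bits; prints each finding and returns 1 otherwise.
check_keytab() {
    kt_file=$1
    kt_uid=$2
    kt_rc=0

    if [ -h "$kt_file" ] || [ ! -f "$kt_file" ]; then
        echo "FAIL $kt_file: missing or not a regular file"
        return 1
    fi

    # ls -ldn is used instead of stat(1), whose options differ between
    # systems; -n prints the numeric owner so no account lookup is needed.
    kt_info=$(ls -ldn -- "$kt_file" | awk '{ print $1, $3 }')
    kt_mode=${kt_info%% *}
    kt_owner=${kt_info#* }

    if [ "$kt_owner" != "$kt_uid" ]; then
        echo "FAIL $kt_file: owner uid $kt_owner, expected $kt_uid"
        kt_rc=1
    fi

    # Mode string layout: type, rwx (user), rwx (group), rwx (other).
    case $kt_mode in
        ????------*) ;;
        *)  echo "FAIL $kt_file: mode $kt_mode grants group/other access"
            kt_rc=1 ;;
    esac

    [ "$kt_rc" -eq 0 ] && echo "OK   $kt_file: uid $kt_owner, mode $kt_mode"
    return "$kt_rc"
}

# Usage (script name is hypothetical):
#   sh check_keytab.sh /opt/krb5/v5srvtab 0     # 0 = root, per the text above
if [ "$#" -eq 2 ]; then
    check_keytab "$1" "$2"
fi
```

For a key table file that belongs to a daemon account rather than root, pass that account's numeric UID as the second argument.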