Administration

Extracting Service Keys

Step 8. Select Generate New Random Key before Extracting. This option is recommended for increased security as it generates a new random key before the principal and key are extracted to the service key table.

Step 9. Click OK to extract the principal and its key to the service key table. If a service key table file does not exist in the selected directory, then a new file is created. A service key table file cannot be created if the selected directory does not exist.

Note the following:

We recommend re-extracting all service keys once a month. Doing so changes the keys and reduces the risk that they are compromised.

If more than one service principal account resides on the host system, you must extract the service key for each principal individually.

The extracted key is appended to an existing service key table file. If the extracted key has the same principal name as an existing table entry, the older entry is overwritten with the newly extracted key.

Extracting a random key may modify the salt types of the principal whose key is being extracted. This is a normal side effect of generating a random key since a random key implies a salt type of v5 (none).
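One way to audit the monthly re-extraction recommendation above is to read the timestamps stored in the service key table and flag entries that are overdue. The following is an added example, not part of the original manual or the product's own tooling. It assumes the table uses the MIT Kerberos keytab file format, version 0x0502 (the manual does not state the format) and treats "once a month" as 30 days; the principals, realm, reference date and all-zero keys in the sample are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

def _field(buf, off):  # 16-bit length-prefixed field -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return one dict per live entry of a version 0x0502 key table."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 key table")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:  # end marker
            break
        if size > 0:  # a negative size marks a deleted slot, which is skipped
            rec = data[pos:pos + size]
            (ncomp,) = struct.unpack_from(">H", rec, 0)
            realm, off = _field(rec, 2)
            comps = []
            for _ in range(ncomp):
                comp, off = _field(rec, off)
                comps.append(comp.decode())
            _ntype, ts, kvno, etype = struct.unpack_from(">IIBH", rec, off)
            _key, off = _field(rec, off + 11)  # key bytes are never returned
            if len(rec) - off >= 4:  # trailing 32-bit kvno, if nonzero, wins
                kvno = struct.unpack_from(">I", rec, off)[0] or kvno
            entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                            "kvno": kvno, "enctype": etype,
                            "extracted": datetime.fromtimestamp(ts, timezone.utc)})
        pos += abs(size)
    return entries

def stale_entries(entries, now, max_age_days=30):  # 30 days is an assumption
    return [e for e in entries if now - e["extracted"] > timedelta(days=max_age_days)]

def make_entry(principal, realm, ts, kvno, etype=18):  # constructed sample, dummy key
    f = lambda b: struct.pack(">H", len(b)) + b
    comps = principal.encode().split(b"/")
    body = (struct.pack(">H", len(comps)) + f(realm.encode()) + b"".join(map(f, comps))
            + struct.pack(">IIBH", 1, ts, kvno & 0xFF, etype) + f(bytes(32))
            + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference date
ago = lambda days: int((NOW - timedelta(days=days)).timestamp())
SAMPLE = (b"\x05\x02" + make_entry("host/app1.example.com", "EXAMPLE.COM", ago(45), 3)
          + make_entry("HTTP/app1.example.com", "EXAMPLE.COM", ago(10), 7))
```

To check a real table, pass the file's bytes (opened in binary mode) to `parse_keytab` and the current UTC time to `stale_entries`; each principal on the host appears as its own entry, matching the note that keys are extracted per principal.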

Chapter 6