Propagation

Service Key Table (v5srvtab)

The Service key table file (v5srvtab) contains service principal names with their corresponding secret keys. This file must be stored on the system that hosts the service or application that requires an extracted key. Secured application servers use the keys in this file to decrypt data packets that the security server encrypts using a copy of the same key.

Maintaining Secret Keys In The Key Table File

Secret keys for service principals are randomly generated keys stored in the service key table on the service principal’s host. Periodically, the secret keys for many service principals should be changed and the old keys must be deleted. This requires generating a new random key, extracting the new key to the service key table file on the service’s host, and deleting the older keys. We recommend performing these processes at least once a month. This reduces the risk of compromising the security of the keys.
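An added example, not from the original manual: a read-only audit of a key table file against the rotation guidance above, flagging superseded key versions left in the file and current keys past the monthly interval. It assumes the file uses the standard MIT Kerberos keytab layout (version 0x0502), which the page does not state; the function names, the principal, the timestamps and the dummy key are constructed.

```python
import struct

MAX_AGE = 30 * 86400  # assumption: the page's "once a month" taken as 30 days

def _counted(buf, p):  # 16-bit length-prefixed field -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    # Returns [(principal, kvno, timestamp)]; key bytes are skipped, never kept.
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 key table")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            parts.append(comp.decode())
        _nt, ts, kvno, _et, klen = struct.unpack_from(">IIBHH", data, p)
        p += 13 + klen
        if end - p >= 4:                   # optional 32-bit kvno, used if nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm.decode(), kvno, ts))
        pos = end
    return entries

def audit(entries, now):  # flag superseded key versions and keys past MAX_AGE
    newest = {}
    for princ, kvno, _ in entries:
        newest[princ] = max(kvno, newest.get(princ, 0))
    return [(princ, kvno, "superseded key not deleted" if kvno < newest[princ]
             else "key older than 30 days")
            for princ, kvno, ts in entries
            if kvno < newest[princ] or now - ts > MAX_AGE]

def sample_entry(ts, kvno):  # constructed entry: host/app1@EXAMPLE.COM, dummy key
    body = (b"\x00\x02\x00\x0bEXAMPLE.COM\x00\x04host\x00\x04app1"
            + struct.pack(">IIBHH", 1, ts, kvno, 18, 4) + b"\0" * 4)
    return struct.pack(">i", len(body)) + body

SAMPLE = b"\x05\x02" + sample_entry(1_700_000_000, 3) + sample_entry(1_702_000_000, 4)
```

Run `audit(parse_keytab(open(path, "rb").read()), time.time())` as a user already permitted to read the key table; the script only reports key version numbers and timestamps.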

Extracting a Key to the Service Key Table File

Keys can be extracted only by a principal whose account has the required administrative permissions. To extract a key to the service key table file on the service’s host, the principal must log on to the host system where the service resides and use either the Administrator or the Command-Line-Administrator.

Using the Administrator:

Step 1. Select the principal for which you want to extract the key

Step 2. Click on Edit. The Principal Information window is displayed.

Step 3. Select Edit -> Extract To Service Key Table. The Extract to Service Key Table Window is displayed.

For more information on extracting a key to the Service Key Table File, refer to “Extracting Service Keys” on page 151.

Using the Command-Line-Administrator:

Step 1. Use the ext command to extract the service key

210

Chapter 7