Kerberos Server Version 3.12 Administrator's Guide: HP-UX 11i v3 > Chapter 8 Administering the Kerberos Server

Extracting Service Keys


Unlike users who type their password using a keyboard, a service principal needs to have its secret key automatically available during authentication. Therefore, store the secret key for the service principals on the host where the service is located, in the service key table called the v5srvtab file.

The service key table, v5srvtab, contains service principal names and their corresponding keys. Typically, secret keys are randomly generated for the service key table file on the host system where the service resides. Therefore, the key can be obtained from the service key table when the service is invoked.

To extract a principal key to the service key table, you must have the administrative permissions to add and delete principals.

To extract principal keys securely to the service key table, complete the following steps:

  1. Log on to the host system where the service is located, or connect to the remote host using the telnet <host_name> command.

  2. Launch the remote administrator, HP Kerberos Administrator, and log on using a principal account that has the required administrative permissions.

  3. In the HP Kerberos Administrator window, choose the Principals tab and select the realm of the principal.

  4. Click List All or Search to find the principal.

  5. Select the principal name from List of Principals and click Edit. The Principal Information window displays as shown in Figure 8-2 “Principal Information Window”.

  6. Select Principal Information > Edit > Extract Service Key to display the Extract Service Key to Service Key Table window (Figure 8-9 “Extract Service Key Table Window”).

  7. In the Extract Service Key to Service Key Table window, type the path and file name for the service key file in the Service Key Table Information box.

    If you change the default name and location to one that differs from what the programs of the Kerberos server use, you must edit the settings to indicate the new location of the service key table file.

  8. Select the Generate New Random Key before Extracting option. HP recommends that you select this option for increased security because it generates a new random key before the principal and key are extracted to the service key table.

  9. Click OK to extract the principal and its key to the service key table. If a service key table file does not exist in the selected directory, a new file is created. You cannot create a service key if the selected directory does not exist.

Consider the following points while extracting principal keys to the service key table:

  • HP recommends that you re-extract all the service keys once a month, thereby changing the keys and reducing the risk of compromise to the keys.

  • If the host system contains more than one service principal account, extract the service key for each principal individually.

  • The extracted key is appended to an existing service key table file. If the extracted key has the same principal name as an existing table entry, the old key is overwritten with the new extracted key.

  • Extracting a random key may modify the salt types of the principal whose key is being extracted. This is a normal side effect of generating a random key because a random key implies a salt type of v5 (none).
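
One way to check a host against the monthly re-extraction recommendation above, as an added example that is not part of the HP guide. The function name `audit_srvtab` is hypothetical, the file path is supplied by the caller, and both the 30-day threshold and the owner-only permission check are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a service key table file for stale keys and for
# group/other access. No default file location is assumed; pass the path.

audit_srvtab() {
    srvtab=$1
    max_age_days=${2:-30}   # "once a month" taken as 30 days (assumption)
    findings=0

    if [ ! -f "$srvtab" ]; then
        echo "MISSING: $srvtab is not a regular file"
        return 2
    fi

    # Symbolic mode from ls -ld: characters 5-10 are the group and other bits.
    # The file holds secret keys, so this example expects them all to be unset.
    perms=$(ls -ld "$srvtab" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $srvtab grants group/other access ($perms)"
        findings=$((findings + 1))
    fi

    # find prints the path only if the last modification is more than
    # max_age_days days in the past.
    if [ -n "$(find "$srvtab" -prune -mtime +"$max_age_days" -print)" ]; then
        echo "STALE: $srvtab not rewritten in over $max_age_days days"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: $srvtab"
    # Exit status 0 only when there were no findings.
    [ "$findings" -eq 0 ]
}
```

Because each extraction appends to or overwrites entries in the same file, a recent modification time shows only that some key was extracted recently, not that every principal on the host was re-extracted.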

© 2007 Hewlett-Packard Development Company, L.P.