Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i: HP 9000 Networking > Chapter 6 Administration

Extracting Service Keys


Unlike users who type their passwords at a keyboard, a service principal needs to have its secret key automatically available during authentication. This is done by storing the secret key for the service principal in a file called a service key table on the host where the service resides.

The service key table, v5srvtab, contains service principal names and their corresponding keys. Typically, secret keys are randomly generated for the service key table file on the host system where the service resides, so that the key can be obtained from the service key table when the service is invoked.

You must be assigned the administrative permissions to add and delete principals in order to extract a principal's key to the service key table.

To securely extract principal keys to the service key table:

  1. Either log on to the host system where the service resides or telnet to the host system.

  2. Launch the remote administrator, kadmin_ui, and log on using a principal account that has the required administrative permissions.

  3. In the kadmin_ui window, choose the Principals tab and select the principal's realm.

  4. Find the principal using the List All or Search button.

  5. Select the principal name from the List of Principals and click Edit. The Principal Information window appears.

  6. From the Edit menu in the Principal Information window select Extract Service Key. The Extract Service Key to Service Key Table window appears.

  7. Enter the path and file name for the service key file in the Name field. If you change from the default name and location, other than the Security Server's programs, settings must be edited to indicate the new location of the service key table file.

  8. Select Generate New Random Key before Extracting. This option is recommended for increased security as it generates a new random key before the principal and key are extracted to the service key table.

  9. Click OK to extract the principal and its key to the service key table. If a service key table file does not exist in the selected directory, then a new file is created. A service key table file cannot be created if the selected directory does not exist.

Note the following:

  • We recommend re-extracting all service keys once a month, thereby changing the keys and reducing the risk of compromise to the keys.

  • If more than one service principal account resides on the host system, you must extract the service key for each principal individually.

  • The extracted key is appended to an existing service key table file. If the extracted key has the same principal name as an existing table entry, the older entry is overwritten with the newly extracted key.

  • Extracting a random key may modify the salt types of the principal whose key is being extracted. This is a normal side effect of generating a random key since a random key implies a salt type of v5 (none).
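
The notes above recommend monthly re-extraction, and step 9 requires the target directory to exist. The shell function below is an added example, not part of HP's documentation or tooling, that audits one service key table file against both. The function name, the 30-day reading of "once a month", and the group/other permission check are assumptions made here; the path to the table is passed as an argument.

```shell
#!/bin/sh
# Added example (not HP's code): audit one service key table file.
# check_srvtab FILE [MAX_AGE_DAYS] prints OK, NO_DIR, NO_FILE, or a
# space-separated list of STALE / EXPOSED; it returns 0 only for OK.
check_srvtab() {
    tab=$1
    max_age=${2:-30}          # "once a month" from the page, taken as 30 days
    findings=""

    # Step 9: the table cannot be created if its directory does not exist.
    if [ ! -d "$(dirname "$tab")" ]; then
        echo "NO_DIR"; return 1
    fi
    if [ ! -f "$tab" ]; then
        echo "NO_FILE"; return 1
    fi

    # STALE: no extraction has touched the file for more than max_age days.
    # Extraction appends to or overwrites entries in this one file, so a recent
    # mtime only proves that at least one principal's key was re-extracted.
    if [ -n "$(find "$tab" -mtime +"$max_age" -print)" ]; then
        findings="STALE"
    fi

    # EXPOSED (assumption, general key-file hygiene): any group/other
    # permission bit is set on a file that holds secret keys.
    if [ -n "$(find "$tab" \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
        findings="${findings:+$findings }EXPOSED"
    fi

    if [ -n "$findings" ]; then
        echo "$findings"; return 1
    fi
    echo "OK"
}

# Run the check when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_srvtab "$@"
fi
```

Because the file's modification time covers the whole table, a host with several service principals still needs each principal re-extracted individually, as the notes state.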

© 2002 Hewlett-Packard Development Company, L.P.