Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i: HP 9000 Networking > Chapter 7 Propagation

Service Key Table (v5srvtab)

The service key table file (v5srvtab) holds service principal names together with their secret keys. It must reside on the system that hosts the service or application whose key has been extracted into it. A secured application server uses the key in this file to decrypt the service tickets that the security server (the KDC) encrypted with its own copy of the same key; the file is therefore as sensitive as the password of the service it protects.

Maintaining Secret Keys In The Key Table File

Secret keys for service principals are generated randomly and stored in the service key table on the service principal's host. The key of each service principal should be changed periodically and the superseded keys deleted: generate a new random key, extract it to the service key table file on the service's host, and remove the older entries from that file. We recommend doing this at least once a month; a key that has leaked is then useful to an attacker only until the next rotation. Delete an older key only after the service tickets issued under it have expired (key table entries carry a key version number, so the old and new keys can coexist in the file until then); removing it earlier causes clients that still hold such tickets to be rejected by the service.

Extracting a Key to the Service Key Table File

Keys can be extracted only by a principal whose account has the required administrative permissions. To extract a key to the service key table file on the service's host, the principal must log on to the host system where the service resides and use either the Administrator or the Command-Line-Administrator.

Using the Administrator:

  1. Select the principal whose key you want to extract.

  2. Click Edit. The Principal Information window is displayed.

  3. Select Edit -> Extract To Service Key Table. The Extract to Service Key Table window is displayed.

For more information on extracting a key to the Service Key Table File, refer to “Extracting Service Keys”.

Using the Command-Line-Administrator:

  1. Run the ext command.

  2. At the prompts, enter the service principal (in the form host/fqdn@REALM) and the key table file to write to; the default is /opt/krb5/v5srvtab. A session looks like this:

     command: ext
     Name of Principal (host/fqdn@REALM): <Principal Name>
     Service Key Table File Name (/opt/krb5/v5srvtab): <SrvTab>
     Principal modified
     Key extracted

     The "Principal modified" line reflects the new random key being generated for the principal before it is written to the table (see "Maintaining Secret Keys In The Key Table File" above).

Creating a New Service Key Table File

Each secured daemon requires a service principal account, and that principal's key must be extracted to a service key table file. When you create a new service key table file, consider how many secured daemons reside on the system and which UNIX accounts they run under, because that determines how many key table files you need and who must own each of them.

When you create a new service key table file, ensure that:

  • A key table file is readable only by the one user account whose daemons use it. Do not grant read, write or execute permission to group or world.

  • For the host principal (host/fqdn@REALM), you use the default key table name, /opt/krb5/v5srvtab, and the file is owned by root.

  • If several secured daemons on a system run under the same UNIX account, they can share one key table file that holds all of their keys.

  • If secured daemons on one system run under more than one UNIX account, you create one key table file for each of those UNIX accounts, owned by that account, using the ktutil command. For more information on using ktutil, refer to the ktutil manpage.
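The ownership and permission rules above can be checked mechanically, and a key table should be created with a tight mode from the first instant rather than fixed up afterwards. The following Python is an added example, not part of HP's Kerberos tooling: check_keytab_file() reports group/world bits, a wrong owner, and a non-root owner for the page's default /opt/krb5/v5srvtab; create_keytab_file() creates or replaces a table with mode 0600 before any key bytes are written; demo_check() exercises both on placeholder files in a temporary directory (the file names and contents are constructed for illustration).

```python
# Added example, not HP's Kerberos tooling: checks a key table file against the
# rules above (single owner, no group/world bits, root owns /opt/krb5/v5srvtab).
# The files demo_check() writes are constructed placeholders, not real keytabs.
import os
import pwd
import stat
import tempfile

HOST_KEYTAB = "/opt/krb5/v5srvtab"   # default table for the host principal; root must own it


def _owner_name(uid: int) -> str:
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:                   # uid without a passwd entry: report the number
        return str(uid)


def check_keytab_file(path: str, expected_owner: str) -> list:
    """Return the problems found; an empty list means the file passes."""
    problems = []
    if path == HOST_KEYTAB and expected_owner != "root":
        problems.append("host key table must be owned by root")
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return problems + ["missing"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:                   # any r/w/x bit for group or world
        problems.append("group/world permission bits set (mode %04o)" % mode)
    if not mode & stat.S_IRUSR:
        problems.append("owner cannot read it")
    owner = _owner_name(st.st_uid)
    if owner != expected_owner:
        problems.append("owned by %s, expected %s" % (owner, expected_owner))
    return problems


def create_keytab_file(path: str, data: bytes) -> None:
    """Create or replace a key table that is never group/world readable, not even
    briefly: a new file gets mode 0600 at creation, and an existing file (which
    keeps its old mode across O_TRUNC) is tightened before any bytes are written."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(fd, 0o600)
        f.write(data)


def audit(pairs) -> dict:
    """pairs: iterable of (path, expected_owner); returns {path: problems} for failures only."""
    findings = {}
    for path, owner in pairs:
        problems = check_keytab_file(path, owner)
        if problems:
            findings[path] = problems
    return findings


def demo_check() -> dict:
    """Write one correct and one world-readable table in a temp dir, audit both plus
    a missing path, and return the findings keyed by file name."""
    me = _owner_name(os.getuid())
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "svc.keytab")
        loose = os.path.join(d, "loose.keytab")
        create_keytab_file(good, b"\x05\x02")       # header-only placeholder (constructed)
        create_keytab_file(loose, b"\x05\x02")
        os.chmod(loose, 0o644)                      # the mistake the rules above forbid
        findings = audit([(good, me), (loose, me), (os.path.join(d, "nope"), me)])
        return {os.path.basename(p): v for p, v in findings.items()}
```

On a real system you would call audit() with one (path, account) pair per key table, for example [("/opt/krb5/v5srvtab", "root")] plus one pair per daemon account's table; anything returned is a file that violates the list above.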

Deleting Older Keys From the Service Key Table File

To remove principal entries from the service key table file, for example keys that a newer extraction has superseded, use ktutil. Refer to the ktutil manpage for more information.
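ktutil is the supported way to remove entries; to make the operation concrete, here is an added example, not HP's tool, that does the same pruning on the file image itself for the rotation described under "Maintaining Secret Keys In The Key Table File". It assumes v5srvtab uses the MIT keytab file format, version 0x0502: a two-byte header, then entries each prefixed by a signed 32-bit length (a negative length marks a slot freed by a deletion), each entry holding the realm, principal components, name type, timestamp, 8-bit key version number, encryption type and key, with an optional 32-bit key version number at the end. The realm, principals, timestamps, keys and version numbers in build_sample_keytab() are constructed. prune_old_keys() keeps the two newest key versions per principal and encryption type by default, so tickets already issued under the previous key keep working until they expire; keep=1 is the strict deletion the text describes.

```python
# Added example, not HP's tooling. Assumes v5srvtab is an MIT-format keytab,
# version 0x0502 (big-endian); the sample principals, times and keys are constructed.
import struct
from dataclasses import dataclass

@dataclass
class KeytabEntry:
    realm: str
    components: list
    name_type: int
    timestamp: int
    kvno: int
    enctype: int
    key: bytes

    @property
    def principal(self) -> str:
        return "/".join(self.components) + "@" + self.realm

def _read_str(body: bytes, off: int):
    """Counted octet string: uint16 length, then the bytes; returns (text, new offset)."""
    (n,) = struct.unpack(">H", body[off:off + 2])
    return body[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(data: bytes) -> list:
    """Decode every live entry; slots freed by a deletion (negative size) are skipped."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab format version 0x0502 is supported")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack(">i", data[pos:pos + 4])
        pos += 4
        if size == 0:        # zero padding at the end of the file
            break
        if size < 0:         # hole left where an entry was deleted
            pos -= size
            continue
        body = data[pos:pos + size]
        (ncomp,) = struct.unpack(">H", body[:2])
        realm, off = _read_str(body, 2)
        comps = []
        for _ in range(ncomp):
            comp, off = _read_str(body, off)
            comps.append(comp)
        name_type, timestamp, vno8, enctype, klen = struct.unpack(">IIBHH", body[off:off + 13])
        off += 13
        key, off = body[off:off + klen], off + klen
        kvno = vno8
        if off + 4 <= size:  # optional 32-bit kvno; it wins over the 8-bit field when nonzero
            kvno = struct.unpack(">I", body[off:off + 4])[0] or vno8
        entries.append(KeytabEntry(realm, comps, name_type, timestamp, kvno, enctype, key))
        pos += size
    return entries

def _cstr(s: str) -> bytes:
    return struct.pack(">H", len(s.encode())) + s.encode()

def write_keytab(entries) -> bytes:
    """Encode entries as a version-2 keytab with no holes and the 32-bit kvno present."""
    out = b"\x05\x02"
    for e in entries:
        body = struct.pack(">H", len(e.components)) + _cstr(e.realm)
        body += b"".join(_cstr(c) for c in e.components)
        body += struct.pack(">IIBHH", e.name_type, e.timestamp, e.kvno & 0xFF, e.enctype, len(e.key))
        body += e.key + struct.pack(">I", e.kvno)
        out += struct.pack(">i", len(body)) + body
    return out

def prune_old_keys(entries, keep: int = 2) -> list:
    """Keep only the `keep` highest kvnos per (principal, enctype). keep=2 retains the
    previous key so tickets already issued under it still decrypt until they expire;
    keep=1 is the strict deletion the text describes."""
    if keep < 1:
        raise ValueError("keep must be at least 1")
    groups = {}
    for e in entries:
        groups.setdefault((e.principal, e.enctype), []).append(e)
    kept = []
    for group in groups.values():
        kept.extend(sorted(group, key=lambda e: e.kvno)[-keep:])
    return sorted(kept, key=lambda e: (e.principal, e.enctype, e.kvno))

def prune_keytab_bytes(data: bytes, keep: int = 2) -> bytes:
    """Read a keytab image, drop stale key versions, return the rewritten image."""
    return write_keytab(prune_old_keys(parse_keytab(data), keep))

def build_sample_keytab() -> bytes:
    """Constructed data: a host principal after two rotations, one ftp key, plus a
    16-byte hole of the kind a deletion leaves behind (negative size, zero-filled)."""
    host, ftp = ["host", "www.example.com"], ["ftp", "www.example.com"]
    img = write_keytab([
        KeytabEntry("EXAMPLE.COM", host, 1, 1_000_000_000, 3, 16, b"\x11" * 24),
        KeytabEntry("EXAMPLE.COM", host, 1, 1_002_592_000, 4, 16, b"\x22" * 24),
        KeytabEntry("EXAMPLE.COM", host, 1, 1_005_184_000, 5, 16, b"\x33" * 24),
        KeytabEntry("EXAMPLE.COM", ftp, 1, 1_005_184_000, 2, 16, b"\x44" * 24),
    ])
    return img[:2] + struct.pack(">i", -16) + b"\0" * 16 + img[2:]
```

To apply this to a real table, read the file's bytes, pass them through prune_keytab_bytes(), write the result to a new file created with mode 0600 and owned by the same account, and rename it over the original so the service never sees a half-written table. Rewriting also compacts the holes that in-place deletions leave behind.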

© 2002 Hewlett-Packard Development Company, L.P.