Administering the Kerberos Server
Extracting Service Keys
Chapter 8178
Extracting Service Keys
Unlike users who type their password using a keyboard, a service
principal needs to have its secret key automatically available during
authentication. Therefore, store the secret key for the service principals
on the host where the service is located, in the service key table called
the v5srvtab file.
The service key table, v5srvtab, contains service principal names and
their corresponding keys. Typically, secret keys are randomly generated
for the service key table file on the host system where the service resides.
Therefore, the key can be obtained from the service key table when the
service is invoked.
You must have administrative permissions to add and delete principals
to extract the principal key to the service key table.
To extract principal keys securely to the service key table, complete the
following steps:
Step 1. Log on to the host system where the service is located, or connect to the
remote host using the telnet
<host_name>
command.
Step 2. Launch the remote administrator, HP Kerberos Administrator, and log
on using a principal account that has the required administrative
permissions.
Step 3. In the HP Kerberos Administrator window, choose the Principals tab
and select the realm of the principal.
Step 4. Click List All or Search to find the principal.
Step 5. Select the principal name from List of Principals and click Edit. The
Principal Information window displays as shown in Figure 8-2.
Step 6. Select Principal Information>Edit>Extract Service Key to display
the Extract Service Key to Service Key Table window. (Figure 8-9).
Step 7. In the Extract Service Key to Service Key Table window, type the path
and file name for the service key file in the Service Key Table
Information box.
