Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Extracting Service Keys
Chapter 6152
Step 8. Select Generate New Random Key before Extracting. This option is
recommended for increased security as it generates a new random key
before the principal and key are extracted to the service key table.
Step 9. Click OK to extract the principal and its key to the service key table. If a
service key table file does not exist in the selected directory, then a new
file is created. A service key table file cannot be created if the selected
directory does not exist.
Note the following:
• We recommend re-extracting all service keys once a month, thereby
changing the keys and reducing the risk of compromise to the keys.
• If more than one service principal account resides on the host
system, you must extract the service key for each principal
individually.
• The extracted key is appended to an existing service key table file. If
the extracted key has the same principal name as an existing table
entry, the older is overwritten with the new extracted key.
• Extracting a random key may modify the salt types of the principal
whose key is being extracted. This is a normal side effect of
generating a random key since a random key implies a salt type of v5
(none).