Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Propagation
Chapter 7
Service Key Table (v5srvtab)
The Service key table file (v5srvtab) contains service principal
names with their corresponding secret keys. This file must be stored on
the system that hosts the service or application that requires an
extracted key. Secured application servers use the keys in this file to
decrypt data packets that the security server encrypts using a copy of the
same key.
Maintaining Secret Keys In The Key Table File
Secret keys for service principals are randomly generated keys stored in
the service key table on the service principal’s host. Periodically, the
secret keys for many service principals should be changed and the old
keys must be deleted. This requires generating a new random key,
extracting the new key to the service key table file on the service’s host,
and deleting the older keys. We recommend performing these processes
at least once a month. This reduces the risk of compromising the security
of the keys.
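The monthly rotation recommended above can be checked on each service host. The script below is an added example, not part of the HP manual or the Kerberos Server product. It assumes the key table's modification time approximates the last key extraction, uses 30 days for "once a month", and treats owner-only file access as the expected state; the function name check_srvtab and the path argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit a service key table for overdue rotation and
# loose file permissions. Not HP-supplied code.
# Assumptions: mtime approximates the last key extraction; 30 days stands
# in for "once a month"; the caller supplies the key table path.

MAX_AGE_DAYS=30

# check_srvtab FILE [MAX_AGE_DAYS]
# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if the file is missing.
check_srvtab() {
    file=$1
    max_age=${2:-$MAX_AGE_DAYS}
    status=0

    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # The file holds secret keys, so all six should be "-".
    mode=$(ls -ld "$file" | cut -c1-10)
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $file is $mode, expected owner-only access"
        status=1
    fi

    # find -mtime +N matches files last modified more than N days ago,
    # meaning no new key has been extracted to the table in that time.
    if [ -n "$(find "$file" -mtime +"$max_age" -print)" ]; then
        echo "STALE: $file not modified in over $max_age days; rotate keys"
        status=1
    fi

    return $status
}
```

Source the script and call check_srvtab with the key table path from a scheduled job. A clean result does not show that older keys were deleted, only that the file was written recently.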
Extracting a Key to the Service Key Table File
Keys can be extracted only by a principal whose account has the required
administrative permissions. To extract a key to the service key table file
on the service’s host, the principal must log on to the host system where
the service resides and use either the Administrator or the
Command-Line-Administrator.
Using the Administrator:
Step 1. Select the principal for which you want to extract the key.
Step 2. Click on Edit. The Principal Information window is displayed.
Step 3. Select Edit -> Extract To Service Key Table. The Extract to
Service Key Table Window is displayed.
For more information on extracting a key to the Service Key Table File,
refer to “Extracting Service Keys” on page 151.
Using the Command-Line-Administrator:
Step 1. Use the ext command to extract the service key