Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Propagation
Service Key Table (v5srvtab)
Chapter 7 211
Step 2. command: ext
Name of Principal (host/fqdn@REALM): <Principal Name>
Service Key Table File Name (/opt/krb5/v5srvtab): <SrvTab>
Principal modified
Key extracted
Creating a New Service Key Table File
Each secured daemon requires a service principal account and the
principal’s key must be extracted to a service key table file. When you
create a new service key table file, you must consider the number of
daemons that reside on the system.
When you are creating a new service key table file, ensure that:
• A single key table file must be readable only by one user account. Do
not set the read-write-execute permissions to a group or world.
• For a host/principal, you must use the default key table name,
/opt/krb5/v5srvtab, and this must be owned by the root user.
• If some secured daemons on a single system run under the same
UNIX account, you can store more than one key in a given key table
file.
• If secured daemons on one system run as more than one UNIX
account, you must create one key table file for each UNIX account
used by one of the secured daemons on the local system. To do this,
use the ktutil command:
For more information on using the ktutil command, refer to the
ktutil manpage.
Deleting Older Keys From the Service Key Table File
To remove principal entries from the service key table file, use ktutil.
Refer to the ktutil manpage, for more information.