Friday, June 1, 2012

Kerberos Generate Keytab File

A keytab is a file holding pairs of Kerberos principals and their long-term keys; for a user principal the key is derived from the user's password. It lets a process obtain tickets without anybody typing the password, which makes it the right way for scripts and cron jobs to get Kerberos tickets without a cleartext password sitting in a script. A keytab is password-equivalent and must be handled with care: anybody who can read the file can obtain tickets as that principal for as long as the key stays valid. Keep it mode 600, owned by the account that uses it, and check with ls -l before you rely on it.

Generate keytab file (Heimdal ktutil syntax; write the realm exactly as the KDC names it, normally upper-case, and the same way you will give it to kinit below)
ktutil -k name.keytab add -p username@REALM.BLA -e arcfour-hmac-md5 -e des-cbc-md5 -e des-cbc-md4 -e des-cbc-crc -e des3-cbc-sha1 -e aes128-cts-hmac-sha1-96

ktutil asks for the password and derives the key from it. The key version number (kvno, -V in Heimdal's ktutil) has to be the one the KDC currently holds for the principal, otherwise kinit fails. Check the result with the list command below: every enctype you wanted should show up as its own entry, and if some are missing, run add once per enctype. On a current realm a single AES entry is all you need; the single-DES and RC4 entries in the command above are only worth adding if a legacy KDC still issues them.

To get a ticket with the key in the keytab file (no password prompt; verify with klist afterwards)
kinit -kt name.keytab username@REALM.BLA

See the keys in the keytab file (kvno, enctype and principal are shown, the key bytes are not)
ktutil -k name.keytab list

On MIT Kerberos the equivalent is klist -kte name.keytab.

Keys inside a keytab file become invalid when the user changes the password: the KDC derives a new key and increments the kvno, so the keytab has to be regenerated and the old file deleted. For an account that is only ever used from a keytab it is better not to involve a password at all; MIT's kadmin ktadd sets a random key for the principal and writes it straight into the keytab in one step.
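What ktutil list and klist -kte print comes from a small binary format, and reading it yourself lets you audit a keytab for exactly the problems mentioned above: a world-readable file, weak enctypes left in from a command like the one above, and stale kvnos that survived a password change. The following Python is an added example written for this post, not part of the original or of any Kerberos distribution. It parses the version 0x0502 keytab format that MIT and Heimdal write (big-endian, one length-prefixed record per key, with the optional 32-bit kvno after the key) and reports findings. The sample keytab is constructed in the script with all-zero placeholder keys; the principal names and the REALM.BLA realm are taken from the post, and the host/ principal is made up for illustration.

```python
#!/usr/bin/env python3
"""Parse a keytab and flag world-readable files, weak enctypes and stale kvnos."""
import os
import stat
import struct
import sys
import time

# Enctype numbers from RFC 3961, 3962, 4757 and 8009.
ENCTYPE_NAMES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
    16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96", 19: "aes128-cts-hmac-sha256-128",
    20: "aes256-cts-hmac-sha384-192", 23: "arcfour-hmac-md5",
}
WEAK_ENCTYPES = {1, 2, 3, 23}   # single DES (RFC 6649) and RC4 (RFC 8429)

def _u16(data, off):
    return struct.unpack_from(">H", data, off)[0], off + 2

def _octet_string(data, off):
    n, off = _u16(data, off)
    return bytes(data[off:off + n]), off + n

def parse_keytab(data):
    """Parse a version-0x0502 keytab. Returns one dict per live entry; the key
    bytes themselves are deliberately not returned, only their length."""
    if len(data) < 2 or data[:2] != b"\x05\x02":
        raise ValueError("not a 0x0502 keytab file")
    entries, off = [], 2
    while off + 4 <= len(data):
        size = struct.unpack_from(">i", data, off)[0]
        off += 4
        if size < 0:                 # negative size marks a deleted slot of that length
            off += -size
            continue
        end = off + size
        ncomp, p = _u16(data, off)
        realm, p = _octet_string(data, p)
        comps = []
        for _ in range(ncomp):
            comp, p = _octet_string(data, p)
            comps.append(comp)
        p += 4                       # name_type (int32), not needed for the audit
        timestamp, vno8 = struct.unpack_from(">IB", data, p)
        p += 5
        enctype, p = _u16(data, p)
        key, p = _octet_string(data, p)
        kvno = vno8
        if end - p >= 4:             # optional 32-bit kvno; a nonzero value overrides vno8
            vno32 = struct.unpack_from(">I", data, p)[0]
            if vno32:
                kvno = vno32
        entries.append({"principal": b"/".join(comps).decode() + "@" + realm.decode(),
                        "enctype": enctype, "kvno": kvno,
                        "timestamp": timestamp, "key_len": len(key)})
        off = end
    return entries

def build_keytab(entries, now):
    """Write a 0x0502 keytab from (principal, enctype, kvno, key) tuples.
    Only used here to construct sample input; ktutil does this for real."""
    out = bytearray(b"\x05\x02")
    for principal, enctype, kvno, key in entries:
        name, realm = principal.rsplit("@", 1)
        comps = [c.encode() for c in name.split("/")]
        body = struct.pack(">H", len(comps))
        for s in [realm.encode()] + comps:
            body += struct.pack(">H", len(s)) + s
        body += struct.pack(">I", 1)                    # name_type KRB5_NT_PRINCIPAL
        body += struct.pack(">IB", int(now), kvno & 0xFF)
        body += struct.pack(">HH", enctype, len(key)) + key
        body += struct.pack(">I", kvno)                 # 32-bit kvno, as real keytabs carry
        out += struct.pack(">i", len(body)) + body
    return bytes(out)

def audit_entries(entries):
    """Findings about the keys: weak enctypes and kvnos superseded by a newer key."""
    newest = {}
    for e in entries:
        newest[e["principal"]] = max(newest.get(e["principal"], 0), e["kvno"])
    findings = []
    for e in entries:
        name = ENCTYPE_NAMES.get(e["enctype"], "enctype %d" % e["enctype"])
        if e["enctype"] in WEAK_ENCTYPES:
            findings.append("%s kvno %d: weak enctype %s" % (e["principal"], e["kvno"], name))
        if e["kvno"] < newest[e["principal"]]:
            findings.append("%s kvno %d: superseded by kvno %d, dead since a password change"
                            % (e["principal"], e["kvno"], newest[e["principal"]]))
    return findings

def permission_findings(mode):
    """A keytab is password-equivalent: anyone who can read it can kinit as the principal."""
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return ["keytab is group/world readable (mode %o); chmod 600 it" % (mode & 0o777)]
    return []

def audit_keytab_file(path):
    with open(path, "rb") as f:
        entries = parse_keytab(f.read())
    return entries, permission_findings(os.stat(path).st_mode) + audit_entries(entries)

# Constructed sample: roughly what the post's command leaves behind after one password
# change (kvno 2 -> 3). All keys are zero placeholders; host/ principal is invented.
SAMPLE_KEYTAB = build_keytab([
    ("username@REALM.BLA", 18, 3, bytes(32)),
    ("username@REALM.BLA", 23, 3, bytes(16)),
    ("username@REALM.BLA", 18, 2, bytes(32)),
    ("host/server.example.com@REALM.BLA", 18, 5, bytes(32)),
], now=1338508800)

if __name__ == "__main__":
    if len(sys.argv) > 1:                # audit a real keytab: python3 keytab_audit.py name.keytab
        entries, findings = audit_keytab_file(sys.argv[1])
    else:                                # no file given: audit the constructed sample
        entries = parse_keytab(SAMPLE_KEYTAB)
        findings = audit_entries(entries)
    for e in entries:
        print("%4d %s %-36s %s" % (e["kvno"], time.strftime("%Y-%m-%d", time.gmtime(e["timestamp"])),
                                   e["principal"], ENCTYPE_NAMES.get(e["enctype"], e["enctype"])))
    for f in findings:
        print("WARNING: " + f)
```

Run it with a keytab path to audit a real file, or without arguments to see the findings on the constructed sample: the RC4 key is reported as weak and the kvno 2 key as superseded. The 8-bit vno field in each record wraps at 256, which is why the parser prefers the trailing 32-bit kvno whenever it is present and nonzero.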
