|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
Packit |
fd8b60 |
<head>
|
|
Packit |
fd8b60 |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
Packit |
fd8b60 |
<title>keytab — MIT Kerberos Documentation</title>
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
|
|
Packit |
fd8b60 |
<script type="text/javascript">
|
|
Packit |
fd8b60 |
var DOCUMENTATION_OPTIONS = {
|
|
Packit |
fd8b60 |
URL_ROOT: '../',
|
|
Packit |
fd8b60 |
VERSION: '1.18.2',
|
|
Packit |
fd8b60 |
COLLAPSE_INDEX: false,
|
|
Packit |
fd8b60 |
FILE_SUFFIX: '.html',
|
|
Packit |
fd8b60 |
HAS_SOURCE: true,
|
|
Packit |
fd8b60 |
SOURCELINK_SUFFIX: '.txt'
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
</script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../_static/jquery.js"></script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../_static/underscore.js"></script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../_static/doctools.js"></script>
|
|
Packit |
fd8b60 |
<link rel="author" title="About these documents" href="../about.html" />
|
|
Packit |
fd8b60 |
<link rel="index" title="Index" href="../genindex.html" />
|
|
Packit |
fd8b60 |
<link rel="search" title="Search" href="../search.html" />
|
|
Packit |
fd8b60 |
<link rel="copyright" title="Copyright" href="../copyright.html" />
|
|
Packit |
fd8b60 |
<link rel="next" title="replay cache" href="rcache_def.html" />
|
|
Packit |
fd8b60 |
<link rel="prev" title="Credential cache" href="ccache_def.html" />
|
|
Packit |
fd8b60 |
</head>
|
|
Packit |
fd8b60 |
<body>
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="C">Contents |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="P">previous |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="N">next |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="I">index |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="S">Search |
|
|
Packit |
fd8b60 |
feedback
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
keytab¶
|
|
Packit |
fd8b60 |
A keytab (short for “key table”) stores long-term keys for one or more
|
|
Packit |
fd8b60 |
principals. Keytabs are normally represented by files in a standard
|
|
Packit |
fd8b60 |
format, although in rare cases they can be represented in other ways.
|
|
Packit |
fd8b60 |
Keytabs are used most often to allow server applications to accept
|
|
Packit |
fd8b60 |
authentications from clients, but can also be used to obtain initial
|
|
Packit |
fd8b60 |
credentials for client applications.
|
|
Packit |
fd8b60 |
Keytabs are named using the format type: value. Usually
|
|
Packit |
fd8b60 |
type is FILE and value is the absolute pathname of the file.
|
|
Packit |
fd8b60 |
The other possible value for type is MEMORY , which indicates a
|
|
Packit |
fd8b60 |
temporary keytab stored in the memory of the current process.
|
|
Packit |
fd8b60 |
A keytab contains one or more entries, where each entry consists of a
|
|
Packit |
fd8b60 |
timestamp (indicating when the entry was written to the keytab), a
|
|
Packit |
fd8b60 |
principal name, a key version number, an encryption type, and the
|
|
Packit |
fd8b60 |
encryption key itself.
|
|
Packit |
fd8b60 |
A keytab can be displayed using the klist command with the
|
|
Packit |
fd8b60 |
-k option. Keytabs can be created or appended to by extracting
|
|
Packit |
fd8b60 |
keys from the KDC database using the kadmin ktadd
|
|
Packit |
fd8b60 |
command. Keytabs can be manipulated using the ktutil and
|
|
Packit |
fd8b60 |
k5srvutil commands.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Default keytab¶
|
|
Packit |
fd8b60 |
The default keytab is used by server applications if the application
|
|
Packit |
fd8b60 |
does not request a specific keytab. The name of the default keytab is
|
|
Packit |
fd8b60 |
determined by the following, in decreasing order of preference:
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The KRB5_KTNAME environment variable.
|
|
Packit |
fd8b60 |
The default_keytab_name profile variable in [libdefaults].
|
|
Packit |
fd8b60 |
The hardcoded default, DEFKTNAME.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Default client keytab¶
|
|
Packit |
fd8b60 |
The default client keytab is used, if it is present and readable, to
|
|
Packit |
fd8b60 |
automatically obtain initial credentials for GSSAPI client
|
|
Packit |
fd8b60 |
applications. The principal name of the first entry in the client
|
|
Packit |
fd8b60 |
keytab is used by default when obtaining initial credentials. The
|
|
Packit |
fd8b60 |
name of the default client keytab is determined by the following, in
|
|
Packit |
fd8b60 |
decreasing order of preference:
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The KRB5_CLIENT_KTNAME environment variable.
|
|
Packit |
fd8b60 |
The default_client_keytab_name profile variable in
|
|
Packit |
fd8b60 |
[libdefaults].
|
|
Packit |
fd8b60 |
The hardcoded default, DEFCKTNAME.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
On this page
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
keytab
|
|
Packit |
fd8b60 |
Default keytab
|
|
Packit |
fd8b60 |
Default client keytab
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Table of contents
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
For users
|
|
Packit |
fd8b60 |
For administrators
|
|
Packit |
fd8b60 |
For application developers
|
|
Packit |
fd8b60 |
For plugin module developers
|
|
Packit |
fd8b60 |
Building Kerberos V5
|
|
Packit |
fd8b60 |
Kerberos V5 concepts
|
|
Packit |
fd8b60 |
Credential cache
|
|
Packit |
fd8b60 |
keytab
|
|
Packit |
fd8b60 |
replay cache
|
|
Packit |
fd8b60 |
stash file
|
|
Packit |
fd8b60 |
Supported date and time formats
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Protocols and file formats
|
|
Packit |
fd8b60 |
MIT Kerberos features
|
|
Packit |
fd8b60 |
How to build this documentation from the source
|
|
Packit |
fd8b60 |
Contributing to the MIT Kerberos Documentation
|
|
Packit |
fd8b60 |
Resources
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Search
|
|
Packit |
fd8b60 |
<form class="search" action="../search.html" method="get">
|
|
Packit |
fd8b60 |
<input type="text" name="q" size="18" />
|
|
Packit |
fd8b60 |
<input type="submit" value="Go" />
|
|
Packit |
fd8b60 |
<input type="hidden" name="check_keywords" value="yes" />
|
|
Packit |
fd8b60 |
<input type="hidden" name="area" value="default" />
|
|
Packit |
fd8b60 |
</form>
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Release: 1.18.2
|
|
Packit |
fd8b60 |
© Copyright 1985-2020, MIT.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
>Contents |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
>previous |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
>next |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
>index |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
>Search |
|
|
Packit |
fd8b60 |
feedback
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
</body>
|
|
Packit |
fd8b60 |
</html>
|