source-git / krb5

Clone
Source Code
GIT

Blame doc/html/basic/keytab_def.html

c8 c8s master
  1.   fd8b6017209ca57f4265b0fbdec3143524e4cd5a
  2.   doc
  3.   html
  4.   basic
  5.   keytab_def.html
Blob History Raw
Packit fd8b60
Packit fd8b60
Packit fd8b60 
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Packit fd8b60
Packit fd8b60 
<html xmlns="http://www.w3.org/1999/xhtml">
Packit fd8b60 
  <head>
Packit fd8b60 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
Packit fd8b60 
    <title>keytab — MIT Kerberos Documentation</title>
Packit fd8b60 
    <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
Packit fd8b60 
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
Packit fd8b60 
    <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
Packit fd8b60 
    <script type="text/javascript">
Packit fd8b60 
      var DOCUMENTATION_OPTIONS = {
Packit fd8b60 
        URL_ROOT:    '../',
Packit fd8b60 
        VERSION:     '1.18.2',
Packit fd8b60 
        COLLAPSE_INDEX: false,
Packit fd8b60 
        FILE_SUFFIX: '.html',
Packit fd8b60 
        HAS_SOURCE:  true,
Packit fd8b60 
        SOURCELINK_SUFFIX: '.txt'
Packit fd8b60 
      };
Packit fd8b60 
    </script>
Packit fd8b60 
    <script type="text/javascript" src="../_static/jquery.js"></script>
Packit fd8b60 
    <script type="text/javascript" src="../_static/underscore.js"></script>
Packit fd8b60 
    <script type="text/javascript" src="../_static/doctools.js"></script>
Packit fd8b60 
    <link rel="author" title="About these documents" href="../about.html" />
Packit fd8b60 
    <link rel="index" title="Index" href="../genindex.html" />
Packit fd8b60 
    <link rel="search" title="Search" href="../search.html" />
Packit fd8b60 
    <link rel="copyright" title="Copyright" href="../copyright.html" />
Packit fd8b60 
    <link rel="next" title="replay cache" href="rcache_def.html" />
Packit fd8b60 
    <link rel="prev" title="Credential cache" href="ccache_def.html" />
Packit fd8b60 
  </head>
Packit fd8b60 
  <body>
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60 
            
MIT Kerberos Documentation
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60 
            accesskey="C">Contents |
Packit fd8b60
Packit fd8b60 
            accesskey="P">previous |
Packit fd8b60
Packit fd8b60 
            accesskey="N">next |
Packit fd8b60
Packit fd8b60 
            accesskey="I">index |
Packit fd8b60
Packit fd8b60 
            accesskey="S">Search |
Packit fd8b60 
    feedback
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60 
keytab
Packit fd8b60 
A keytab (short for “key table”) stores long-term keys for one or more
Packit fd8b60 
principals.  Keytabs are normally represented by files in a standard
Packit fd8b60 
format, although in rare cases they can be represented in other ways.
Packit fd8b60 
Keytabs are used most often to allow server applications to accept
Packit fd8b60 
authentications from clients, but can also be used to obtain initial
Packit fd8b60 
credentials for client applications.
Packit fd8b60 
Keytabs are named using the format type:value.  Usually
Packit fd8b60 
type is FILE and value is the absolute pathname of the file.
Packit fd8b60 
The other possible value for type is MEMORY, which indicates a
Packit fd8b60 
temporary keytab stored in the memory of the current process.
Packit fd8b60 
A keytab contains one or more entries, where each entry consists of a
Packit fd8b60 
timestamp (indicating when the entry was written to the keytab), a
Packit fd8b60 
principal name, a key version number, an encryption type, and the
Packit fd8b60 
encryption key itself.
Packit fd8b60 
A keytab can be displayed using the klist command with the
Packit fd8b60 
-k option.  Keytabs can be created or appended to by extracting
Packit fd8b60 
keys from the KDC database using the kadmin ktadd
Packit fd8b60 
command.  Keytabs can be manipulated using the ktutil and
Packit fd8b60 
k5srvutil commands.
Packit fd8b60
Packit fd8b60 
Default keytab
Packit fd8b60 
The default keytab is used by server applications if the application
Packit fd8b60 
does not request a specific keytab.  The name of the default keytab is
Packit fd8b60 
determined by the following, in decreasing order of preference:
Packit fd8b60
    Packit fd8b60 
  1. The KRB5_KTNAME environment variable.
    		2.
    Packit fd8b60 
  2. The default_keytab_name profile variable in [libdefaults].
    		3.
    Packit fd8b60 
  3. The hardcoded default, DEFKTNAME.
    		4.
    Packit fd8b60
    Packit fd8b60
    Packit fd8b60
    Packit fd8b60 
    Default client keytab
    Packit fd8b60 
    The default client keytab is used, if it is present and readable, to
    Packit fd8b60 
    automatically obtain initial credentials for GSSAPI client
    Packit fd8b60 
    applications.  The principal name of the first entry in the client
    Packit fd8b60 
    keytab is used by default when obtaining initial credentials.  The
    Packit fd8b60 
    name of the default client keytab is determined by the following, in
    Packit fd8b60 
    decreasing order of preference:
    Packit fd8b60
      Packit fd8b60 
    1. The KRB5_CLIENT_KTNAME environment variable.
      		2.
      Packit fd8b60 
    2. The default_client_keytab_name profile variable in
      		3.
      Packit fd8b60 
      [libdefaults].
      Packit fd8b60 
    3. The hardcoded default, DEFCKTNAME.
      		4.
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60
      Packit fd8b60 
          
      On this page
      Packit fd8b60
        Packit fd8b60 
      • keytab
          		•
          Packit fd8b60 
        • Default keytab
          		•
          Packit fd8b60 
        • Default client keytab
          		•
          Packit fd8b60
          Packit fd8b60
          Packit fd8b60
          Packit fd8b60
          Packit fd8b60
          Packit fd8b60 
              
          Table of contents
          Packit fd8b60
            Packit fd8b60 
          • For users
            		•
            Packit fd8b60 
          • For administrators
            		•
            Packit fd8b60 
          • For application developers
            		•
            Packit fd8b60 
          • For plugin module developers
            		•
            Packit fd8b60 
          • Building Kerberos V5
            		•
            Packit fd8b60 
          • Kerberos V5 concepts
              		•
              Packit fd8b60 
            • Credential cache
              		•
              Packit fd8b60 
            • keytab
              		•
              Packit fd8b60 
            • replay cache
              		•
              Packit fd8b60 
            • stash file
              		•
              Packit fd8b60 
            • Supported date and time formats
              		•
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60 
            • Protocols and file formats
              		•
              Packit fd8b60 
            • MIT Kerberos features
              		•
              Packit fd8b60 
            • How to build this documentation from the source
              		•
              Packit fd8b60 
            • Contributing to the MIT Kerberos Documentation
              		•
              Packit fd8b60 
            • Resources
              		•
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60 
                  
              Full Table of Contents
              Packit fd8b60 
                  
              Search
              Packit fd8b60 
                  <form class="search" action="../search.html" method="get">
              Packit fd8b60 
                    <input type="text" name="q" size="18" />
              Packit fd8b60 
                    <input type="submit" value="Go" />
              Packit fd8b60 
                    <input type="hidden" name="check_keywords" value="yes" />
              Packit fd8b60 
                    <input type="hidden" name="area" value="default" />
              Packit fd8b60 
                  </form>
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60 
                          
              Release: 1.18.2
              Packit fd8b60 
                              © Copyright 1985-2020, MIT.
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60 
                          >Contents |
              Packit fd8b60
              Packit fd8b60 
                          >previous |
              Packit fd8b60
              Packit fd8b60 
                          >next |
              Packit fd8b60
              Packit fd8b60 
                          >index |
              Packit fd8b60
              Packit fd8b60 
                          >Search |
              Packit fd8b60 
                  feedback
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60
              Packit fd8b60 
                </body>
              Packit fd8b60 
              </html>

              Powered by Pagure 5.14.1

              SSH Hostkey/Fingerprint | Documentation