ktab(1)
NAME
ktab - Kerberos key table manager
ktab allows the user to manage the principal names and
service keys stored in a local key table. Principal and
key pairs listed in the keytab allow services running on a
host to authenticate themselves to the Key Distribution
Center (KDC). Before a server can be set up to use
Kerberos, the user must set up a keytab on the host running
the server. Note that any updates made to the keytab using
ktab do not affect the Kerberos database. If you change
the keys in the keytab, you must also make the
corresponding changes to the Kerberos database.
SYNOPSIS
ktab [ commands ]
DESCRIPTION
ktab manages principal name and key pairs in the key
table. ktab allows the user to list, add, update or
delete principal names and key pairs in the key table.
None of these operations affect the Kerberos database.
Keytab
A keytab is a host's copy of its own keylist, which is
analogous to a user's password. An application server that
needs to authenticate itself to the Key Distribution
Center (KDC) must have a keytab which contains its own
principal and key. Just as it is important for users to
protect their passwords, it is equally important for hosts to
protect their keytabs. You should always store keytab
files on the local disk and make them readable only by
root. You should never send a keytab file over a network
in the clear.
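The storage rule above can be checked mechanically. The following is an added example, not part of ktab or its documentation: a shell function that verifies a keytab is a regular file, owned by root, with no group or other access. The function name check_keytab and its optional expected-uid argument are assumptions made for illustration, and the script assumes GNU coreutils stat(1).

```shell
#!/bin/sh
# Added example: audit a keytab file's ownership and permissions.
# check_keytab and its arguments are illustrative names, not part of ktab.
# Assumes GNU coreutils stat(1) for the -c format option.

# check_keytab <keytab_name> [expected_uid]
# Accepts the same FILE: prefix that ktab -k takes.
# Returns 0 only if the keytab is a regular file (not a symlink), owned by
# expected_uid (default 0, root), with no group or other permission bits.
check_keytab() {
    path=${1#FILE:}          # strip an optional FILE: prefix
    want_uid=${2:-0}
    rc=0

    # A symlink could point at a file outside root's control.
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL: $path is not a regular file" >&2
        return 1
    fi

    uid=$(stat -c '%u' -- "$path") || return 1
    mode=$(stat -c '%a' -- "$path") || return 1

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $path is owned by uid $uid, expected $want_uid" >&2
        rc=1
    fi

    # Mask 077 selects the group and other permission bits (octal).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $path mode $mode grants group/other access" >&2
        rc=1
    fi

    return $rc
}

# Run against a keytab given on the command line, if any.
if [ $# -gt 0 ]; then
    check_keytab "$@"
fi
```

The function reports every failed check on standard error, so it can be run from a periodic job and its exit status used to raise an alert.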
COMMANDS
Usage: The command line options are not case sensitive.
ktab -help
ktab -l [-k <keytab_name>]
ktab [-a <principal_name> <password>] [-k <keytab_name>]
ktab [-d <principal_name>] [-k <keytab_name>]
-l      List the keytab name and entries.

-a <principal_name> <password>
        Add an entry to the keytab. No changes are made to
        the Kerberos database. (DO NOT SPECIFY YOUR PASSWORD
        ON COMMAND LINE OR IN A SCRIPT.)

-d <principal_name>
        Delete an entry from the keytab. No changes are made
        to the Kerberos database.

-k <keytab_name>
        Specify keytab name and path with prefix FILE:

-help   Displays instructions.
EXAMPLES
To list all the entries in the default keytable:
ktab -l
To add a new principal to the key table (note that you
will be prompted for your password):
ktab -a duke@java.sun.com
To delete a principal from the key table:
ktab -d duke@java.sun.com
SECURITY ALERT
Do not specify your password on the command line. Doing
so is a security hole. For example, an attacker could
discover your password by running the Unix ps command.