Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Linux keytab file for authentication

Tags:

linux

security

authentication

kerberos

I am new to Linux keytab file. Any documents for a newbie about what is the function of this file in authentication? Thanks.

regards, George

like image 773
George2 Avatar asked Jan 31 '11 13:01

George2

People also ask

How do I create a Keytab file in Linux?

Create the keytab files, using the ktutil command: Create a keytab file for each encryption type you use by using the add_entry command. For example, run ktuitl: add_entry -password -p principal_name -k number -e encryption_type for each encryption type.

How do I validate a Keytab in Linux?

The contents of keytab file can be verified using either Unix/linux ktutil or klist commands or java ktab utility. Alternatively you can also use Klist or Ktab utility that comes with standard java. Key tab: krba01.

What is Keytab authentication?

Every network service to which a user may authenticate needs to have a service principal with a corresponding key. The network service has to have a copy of that key on the system so that it can verify a user's identity. That key is stored in a specially formatted file called a keytab.

1 Answers

Ordinarily, one must enter a password to authenticate to Kerberos. The problem with this is when scripts or programs need to authenticate without human interaction. For example, you boot a server in the middle of the night and want all the services to start up without requiring an operator at the console to enter a bunch of passwords.

The keytab file provides this capability. In essence it is one or more entries, each consisting of a Kerberos account name (you will see these referred to as 'principals') and an encrypted value derived from the password. Together these can be used to authenticate to a Kerberos server without human interaction.

The value of this is that it is impossible to know the password from looking at the file. However, anyone with read access to the file can use it to authenticate to the Kerberos server so it is still important to keep the file well-protected and readable only by its owner.

I wasn't able to find a good, generic intro-level reference for keytab files, however many web sites have written their own tutorials for their users. Although these are written toward a specific audience and environment, many provide a good background on the subject. A good starting point to read up on these is Stanford's An Introduction to Keytabs.

like image 149
T.Rob Avatar answered Sep 24 '22 16:09

T.Rob
Sign in to Comment

Related questions

Bash PS1 shows $ instead of # for root
phpredis errors Class Redis not found in Linux
How to install R 3.1.2 on Linux Mint 17.1
Using shell commands with boot2docker
How do I remove the Centos 7 Desktop (Hot Corner) top right effect? [closed]
The fastest way to count the number of files in a directory (including subdirectories)
Unable to compile with make | fatal error No space left on device
How to Exit Linux terminal using Python script?
How can I get the temp folder of a machine running maven?
Pairing bluetooth devices with Passkey/Password in python - RFCOMM (Linux)
Difference between crc32() implementations of <linux/crc32.h> and <zlib.h> in C
SSL on Nginx throws error (SSL: error:0908F066:PEM routines:get_header_and_data:bad end line)
Linux permission denied after chmod a=rwx
install svn client on redhat RHEL5 [closed]
Executing a flat binary file under Linux
How can I grab the color of a pixel on my desktop? (Linux)
difference between .so.0 and .so.0.0.0 files
Python script outputs to console even when it's' run in the background
how to find the header file to be included for a library function in linux
How to change/show permissions in C

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!