Question on security of keytab file.
Priya Govindarajan
govindap at us.ibm.com
Thu Nov 8 15:01:05 EST 2007
Hi,
I understand that the keytab file contains the secret key associated with
the server principal.
The question is while providing support for a service to be a kerberized
service -
what are the security issues/advantages by providing the option for the
user to have individual keytab file (can be different from
/etc/krb5.keytab and holds the key of that particular service) for the
kerberized service Vs using the default keytab file (/etc/krb5.keytab).
Is it necessary to have seperate keytab file for the kerberized service
different from the default keytab file (/etc/krb5.keytab for linux) ? i.e
does it provide any more security that already root only access
/etc/krb5.keytab.
Thanks,
Priya
More information about the Kerberos
mailing list