Doubts regarding Keytab file
Benjamin Kaduk
kaduk at mit.edu
Tue May 9 15:16:32 EDT 2017
On Wed, May 10, 2017 at 12:20:44AM +0530, Abhishek Kaushik wrote:
> Thank you for replying.
>
> I understood that it is a symmetric key which is shared with the KDC.
> So, is it in binary format or is there some other format which is used,
> generally?
The keytab file format is documented at
http://web.mit.edu/kerberos/krb5-latest/doc/formats/keytab_file_format.html
> And what if(hypothetically) you don't have a password for some user, how is
> the key generated in such a case?
> Like you have mentioned that the services only have the raw key..
During provisioning or rekeying, the KDC generates a random key and
transmits it to the client (over an encrypted connection, of
course).
-Ben
More information about the Kerberos
mailing list