Doubts regarding Keytab file

Abhishek Kaushik akaushik079 at gmail.com
Thu May 11 02:47:55 EDT 2017


Okay. The reason I asked for the format is this: for my work, I need the
keytab file to be loaded in my application and since it has to be
protected, I was planning to encode it in, say, Base64 and store it in a
secure server, and retrieve it from there and decode it and use it. But
since the keytab file contains the service principal name and the keys, I
wasn't sure if it is possible to encode such a value.



On Wed, May 10, 2017 at 12:46 AM, Benjamin Kaduk <kaduk at mit.edu> wrote:

> On Wed, May 10, 2017 at 12:20:44AM +0530, Abhishek Kaushik wrote:
> > Thank you for replying.
> >
> > I understood that it is a symmetric key which is shared with the KDC.
> > So, is it in binary format or is there some other format which is used,
> > generally?
>
> The keytab file format is documented at
> http://web.mit.edu/kerberos/krb5-latest/doc/formats/keytab_file_format.html
>
> > And what if (hypothetically) you don't have a password for some user, how is
> > the key generated in such a case?
> > Like you have mentioned that the services only have the raw key..
>
> During provisioning or rekeying, the KDC generates a random key and
> transmits it to the client (over an encrypted connection, of
> course).
>
> -Ben
>
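
Added example (not part of the original thread, and not MIT krb5 code): a keytab is plain binary, so Base64 round-trips it byte for byte, and the decoded bytes still parse into the same principal name and key. It assumes the version 0x0502 layout from the format document linked above; the function names, principal and key are constructed for illustration.

```python
import base64
import struct

def _counted(b):
    return struct.pack(">H", len(b)) + b

def build_keytab(realm, components, kvno, enctype, key):
    """Build a constructed one-entry version 0x0502 keytab (sample input only)."""
    rec = struct.pack(">H", len(components)) + _counted(realm)
    rec += b"".join(_counted(c) for c in components)
    # name_type=1, timestamp=0, 8-bit kvno, enctype, then the counted key
    rec += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + _counted(key)
    return b"\x05\x02" + struct.pack(">i", len(rec)) + rec

def parse_keytab(data):
    """Return (principal, kvno, enctype, key) for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative size marks a hole; skip it
            pos += -size
            continue
        rec, pos, off = data[pos:pos + size], pos + size, 2
        def counted():
            nonlocal off
            (n,) = struct.unpack_from(">H", rec, off)
            off += 2 + n
            return rec[off - n:off]
        (count,) = struct.unpack_from(">H", rec, 0)
        realm = counted()
        comps = [counted() for _ in range(count)]
        _name_type, _ts, kvno, enctype = struct.unpack_from(">IIBH", rec, off)
        off += 11
        key = counted()
        if len(rec) - off >= 4:       # optional 32-bit kvno overrides when nonzero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append((b"/".join(comps).decode() + "@" + realm.decode(), kvno, enctype, key))
    return entries

def base64_roundtrip(keytab_bytes):
    """Encode for storage as text, then decode; returns (text, recovered bytes)."""
    text = base64.b64encode(keytab_bytes).decode("ascii")
    return text, base64.b64decode(text, validate=True)

# Constructed sample: made-up principal, enctype 18 (aes256-cts-hmac-sha1-96), dummy key.
SAMPLE = build_keytab(b"EXAMPLE.COM", [b"HTTP", b"app.example.com"], 3, 18, bytes(range(32)))
print([(p, v, e, len(k)) for p, v, e, k in parse_keytab(base64_roundtrip(SAMPLE)[1])])
```

The Base64 text carries exactly the same key material as the file, so it needs the same access controls wherever it is stored.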

