A keytab is a host's copy of its own keylist, which is analogous
to a user's password. An application server that needs to authenticate
itself to the KDC has to have a keytab that contains its own principal
and key. Just as it is important for users to protect their passwords,
it is equally important for hosts to protect their keytabs. You should
always store keytab files on local disk, and make them readable only by
root, and you should never send a keytab file over a network in the
clear. Ideally, you should run the kadmin
command to extract a
keytab on the host on which the keytab is to reside.