Node:The Keytab File, Previous:Network Services and the Master Database, Up:Network Services and the Master Database
For each service, there must also be a service key known only by Kerberos and the service. On the Kerberos server, the service key is stored in the Kerberos database.
On the server host, these service keys are stored in key tables,
which are files known as keytabs.1 For example, the service keys used by
services that run as root are usually stored in the keytab file
/etc/krb5.keytab
. N.B.: This service key is the equivalent
of the service's password, and must be kept secure. Data which is meant
to be read only by the service is encrypted using this key.