Previous: Network Services and the Master Database, Up: Network Services and the Master Database



2.6.1 The Keytab File

For each service, there must also be a service key known only by Kerberos and the service. On the Kerberos server, the service key is stored in the Kerberos database.

On the server host, these service keys are stored in key tables, which are files known as keytabs.1 For example, the service keys used by services that run as root are usually stored in the keytab file /etc/krb5.keytab. N.B.: This service key is the equivalent of the service's password, and must be kept secure. Data which is meant to be read only by the service is encrypted using this key.


Footnotes

[1] Keytabs were called srvtabs in Kerberos V4.