v5srvtab(4)
NAME
v5srvtab - Contains the service key table
SYNOPSIS
/krb5/v5srvtab
DESCRIPTION
The /krb5/v5srvtab file is the default service key table file. It holds the
principal entries (service keys) that you extract from the principal database
on the Key Distribution Center (KDC). Each service principal must have an
entry in the principal database before its key can be extracted.
Unattended services that must authenticate using a service principal
account require that the service's key be added to the service key table file.
A client application requesting a connection sends a service ticket to the
secured service. The service decrypts the ticket using its key from the
service key table file. If the ticket decrypts correctly, the service knows
that the KDC previously authenticated the client and that the client is who it
claims to be. The service then performs its own authorization checks. If those
checks succeed, the connection is established.
Data Types
There are several types of service key table file; which types are available
depends on compile-time definitions. The available types include the following:
MEM A memory-based service key table stores keys in volatile memory. It is
useful in environments where no file system exists, or for applications
that need the extracted key only temporarily (or where writing those keys
to disk would cause problems).
A typical use of a memory-based service key table is as temporary storage
for applications that need to merge, edit, or consolidate a file-based
service key table without incurring the overhead of file I/O.
In most environments, a MEM service key table is not persistent and lives
only as long as the process that created it. It is therefore not suitable
for passing keys between processes. You can, however, use it to pass keys
within a process.
Multiple accesses to the same service key table are supported through
reference counting. As long as the table has been opened by
csfC5resolve_kt() at least one more time than it has been closed by
csfC5close_kt(), a call to csfC5close_kt() does not destroy it.
To allow an existing memory service key table to be opened by additional
calls to csfC5resolve_kt(), the kt structure name contains a special name
that resolves to the address of the memory service key table. To create a
name string that csfC5resolve_kt() can use, concatenate the kt.tname field,
a ':', and the kt.name field. This technique works for the FILE service key
table as well.
FILE
A file-based (nonvolatile) service key table stores keys in a disk file.
On multiuser systems, protect the file with ownership and permissions so
that only the applications that need the service key table can read it;
the keys it holds are as sensitive as the service's password. Specify the
FILE type to indicate that the operation must not modify the service key
table file.
WFILE
A file-based (nonvolatile) service key table stores keys in a disk file.
Both the FILE and WFILE types can refer to the same file storage location.
Specify the WFILE type to indicate that the operation treats the service
key table file as writable.
Specify a service key table file with a name of the form TYPE:name, where
both components are optional. TYPE is MEM, FILE or WFILE; the interpretation
of name is specific to the type. For the FILE and WFILE types, name is the
path of the service key table file and defaults to /krb5/v5srvtab. The names
NULL, "", and ":" are equivalent, and all select the default service key
table. The following table lists the possible combinations of empty and
specified components and the resulting service key table:
______________________________________________________________________
Type Component   Name Component   Behavior                   Key Table Type and Name
______________________________________________________________________
Empty            Empty            Default type and name.     FILE:/krb5/v5srvtab
Specified        Empty            Default name for type.     FILE:/krb5/v5srvtab
                                                             WFILE:/krb5/v5srvtab
                                                             MEM: no default name
Empty            Specified        Default type with          FILE:/keytablename
                                  specified name.
Specified        Specified        Use specified type         TYPE:/keytablename
                                  and name.
______________________________________________________________________
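The resolution rules above are easy to get wrong at the edges (":" alone, "WFILE:" with no name, "MEM:" with no name). The following C program is an added example written for this page, not part of the original manual or of the library that provides csfC5resolve_kt(); it implements the table as a small resolver so the rules can be exercised on constructed inputs. The function names kt_resolve_name() and kt_format_name(), the status codes, and the treatment of a specification without any ':' as a bare name (the "Empty / Specified" row) are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Defaults stated in the manual page. */
#define KT_DEFAULT_TYPE "FILE"
#define KT_DEFAULT_NAME "/krb5/v5srvtab"

/* Result of resolving a TYPE:name specification (hypothetical status codes). */
enum kt_status {
    KT_OK = 0,
    KT_ERR_BAD_TYPE,    /* type is not MEM, FILE or WFILE */
    KT_ERR_NO_DEFAULT,  /* MEM given with an empty name: there is no default */
    KT_ERR_TOO_LONG     /* name does not fit the fixed buffer */
};

/* Resolved key table: analogue of the kt.tname / kt.name fields. */
struct kt_spec {
    char type[8];
    char name[256];
};

static int kt_type_known(const char *t)
{
    return strcmp(t, "MEM") == 0 || strcmp(t, "FILE") == 0 ||
           strcmp(t, "WFILE") == 0;
}

/*
 * Apply the manual's table: an empty type means FILE, an empty name means
 * /krb5/v5srvtab for FILE and WFILE, and MEM has no default name.  A spec
 * with no ':' at all is taken as a bare name (assumption, matching the
 * "Empty / Specified" row).  NULL, "" and ":" all yield the default table.
 */
enum kt_status kt_resolve_name(const char *spec, struct kt_spec *out)
{
    const char *type, *name, *colon;
    size_t tlen;

    if (spec == NULL)
        spec = "";
    colon = strchr(spec, ':');
    if (colon == NULL) {
        type = KT_DEFAULT_TYPE;
        tlen = strlen(type);
        name = spec;
    } else {
        type = spec;
        tlen = (size_t)(colon - spec);
        name = colon + 1;             /* only the first ':' separates */
    }
    if (tlen == 0) {                  /* ":name" -> default type */
        type = KT_DEFAULT_TYPE;
        tlen = strlen(type);
    }
    if (tlen >= sizeof out->type)
        return KT_ERR_BAD_TYPE;
    memcpy(out->type, type, tlen);
    out->type[tlen] = '\0';
    if (!kt_type_known(out->type))
        return KT_ERR_BAD_TYPE;

    if (*name == '\0') {
        if (strcmp(out->type, "MEM") == 0)
            return KT_ERR_NO_DEFAULT;
        name = KT_DEFAULT_NAME;
    }
    if (strlen(name) >= sizeof out->name)
        return KT_ERR_TOO_LONG;
    strcpy(out->name, name);
    return KT_OK;
}

/* Rebuild the "tname:name" string the manual says csfC5resolve_kt() accepts
 * for reopening a table.  Returns 1 on success, 0 if buf is too small. */
int kt_format_name(const struct kt_spec *kt, char *buf, size_t buflen)
{
    int n = snprintf(buf, buflen, "%s:%s", kt->type, kt->name);
    return n >= 0 && (size_t)n < buflen;
}

int main(void)
{
    /* Constructed inputs covering each row of the manual's table. */
    const char *specs[] = { NULL, "", ":", "WFILE:", "MEM:", "/keytablename",
                            "MEM:svc-keys", "BOGUS:/x" };
    size_t i;

    for (i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        struct kt_spec kt;
        char full[300];
        enum kt_status st = kt_resolve_name(specs[i], &kt);
        const char *shown = specs[i] ? specs[i] : "NULL";

        if (st == KT_OK && kt_format_name(&kt, full, sizeof full))
            printf("%-14s -> %s\n", shown, full);
        else
            printf("%-14s -> error %d\n", shown, (int)st);
    }
    return 0;
}
```

Note that "MEM:" is rejected rather than silently mapped to the default file: a caller that falls back to FILE:/krb5/v5srvtab here would read long-term keys from disk when the intent was to keep them in memory only.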
SEE ALSO
Commands: kinit(1) ktutil(1)