
keytab create

Creates a key table. The syntax is:

keytab create keytab_name_list {-attribute attribute_list | -attribute value}
[-ktname residual_keytab_name] [-entry] [-noprivacy] [-local]

Options

-attribute attribute_list
Allows you to specify attributes by using an attribute list rather than using the -attribute value option. The format of an attribute list is as follows:

{{attribute value}…{attribute value}}

-attribute value
As an alternative to using the -attribute option with an attribute list, you can change individual options by prepending a hyphen (-) to any attribute listed in the Attributes topic of this reference page.

-ktname residual_keytab_name
Specifies the keytab object to create. If you use this option, you must specify keytab_name_list as a string binding. See Arguments for more information about specifying a string binding for keytab_name_list.

-local
Specifies that the create operation operates on local files only.

-noprivacy
Specifies that key tables are sent over the network unencrypted.

Description
The keytab create operation creates a key table. The argument is a list of names of key tables to be created. The command takes an -attribute option to specify configuration information for dced. The -ktname option identifies the specific key table to operate on, but only when the argument is a string binding representing a key table, not the fully qualified key table name. Use the data attribute to specify the contents of the key tables named in the keytab_name_list. The data attribute is a list of keys with associated principal names, key types, versions, and key values in the form

principal_name key_type version{key_value}

where:

principal_name
Is the required name of the server principal for which the keytab is being created.

key_type
Is a required code that specifies whether the key is stored in plain text or in DES encrypted format:

· des indicates DES encryption

· plain indicates plain text

version
Is the key's required version number.

key_value
If the key type is plain, a key value is required. If the key type is des, the key value is optional; if one is not entered, a key value is randomly generated.

This operation creates the key tables named in keytab_name_list and assigns all of them the values specified by the data attribute. The operation returns an empty string on success.

Privileges Required
You must have I (insert) permission to the keytab object on the host.

Examples
The following example creates two keys for user vmr and one key for pwang on host medusa. One of vmr's keys is an automatically generated Data Encryption Standard (DES) key. Both vmr's second key and pwang's key are manually entered keys.

dcecp> keytab create /.:/hosts/medusa/config/keytab/radiology -attribute \
> {{storage /opt/dcelocal/keys/radiology} {data {{vmr des 2} \
> {vmr plain 3 key2} {pwang des 2 key3}}}}
dcecp>
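The sketch below is an added example, not part of the DCE documentation: it parses a data attribute value before it is passed to keytab create, applies the entry rules from the Description, and reports plain-text and manually entered keys for review. The function names parse_braces and check_data are hypothetical, and the parser assumes plain brace lists with no Tcl quoting or backslash escapes.

```python
import re

KEY_TYPES = {"des", "plain"}  # the two key_type codes the page lists
PAGE_EXAMPLE = "{{vmr des 2} {vmr plain 3 key2} {pwang des 2 key3}}"  # from the page

def parse_braces(text):
    """Parse a Tcl-style brace list into nested Python lists of words."""
    stack = [[]]
    for tok in re.findall(r"[{}]|[^\s{}]+", text):
        if tok == "{":
            stack.append([])
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("%d brace(s) left open" % (len(stack) - 1))
    return stack[0]


def check_data(data_attr):
    """Return (entries, findings) for one data attribute value."""
    parsed = parse_braces(data_attr)
    if len(parsed) != 1 or not isinstance(parsed[0], list):
        raise ValueError("expected one braced list of key entries")
    entries, findings = [], []
    for item in parsed[0]:
        if (not isinstance(item, list) or len(item) not in (3, 4)
                or not all(isinstance(f, str) for f in item)):
            findings.append("malformed entry: %r" % (item,))
            continue
        principal, key_type, version = item[:3]
        key_value = item[3] if len(item) == 4 else None
        tag = "%s v%s" % (principal, version)
        if key_type not in KEY_TYPES:
            findings.append("%s: unknown key_type %r" % (tag, key_type))
        if not version.isdigit():
            findings.append("%s: version is not a number" % tag)
        if key_type == "plain":
            findings.append("%s: key stored in plain text" % tag)
            if key_value is None:
                findings.append("%s: plain key needs a key_value" % tag)
        if key_value is not None:
            findings.append("%s: key value entered manually" % tag)
        entries.append((principal, key_type, version, key_value))
    return entries, findings
```

Calling check_data(PAGE_EXAMPLE) returns the three entries from the example above together with one finding for the plain key and one for each manually entered key value.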