[37980] in Kerberos
Re: Doubts regarding Keytab file
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Tue May 9 15:16:52 2017
Date: Tue, 9 May 2017 14:16:32 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Abhishek Kaushik <akaushik079@gmail.com>
Message-ID: <20170509191631.GG30306@kduck.kaduk.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CADM0g8oCVYNYdmXV3DLr=0feEwqXZW7C94qaihVDB1_Y_jFduQ@mail.gmail.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, May 10, 2017 at 12:20:44AM +0530, Abhishek Kaushik wrote:
> Thank you for replying.
>
> I understood that it is a symmetric key which is shared with the KDC.
> So, is it in binary format or is there some other format which is used,
> generally?
The keytab file format is documented at
http://web.mit.edu/kerberos/krb5-latest/doc/formats/keytab_file_format.html
> And what if(hypothetically) you don't have a password for some user, how is
> the key generated in such a case?
> Like you have mentioned that the services only have the raw key..
During provisioning or rekeying, the KDC generates a random key and
transmits it to the client (over an encrypted connection, of
course).
-Ben
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
