[37982] in Kerberos


Re: Doubts regarding Keytab file

daemon@ATHENA.MIT.EDU (Abhishek Kaushik)
Thu May 11 06:58:14 2017

MIME-Version: 1.0
In-Reply-To: <20170509191631.GG30306@kduck.kaduk.org>
From: Abhishek Kaushik <akaushik079@gmail.com>
Date: Thu, 11 May 2017 12:17:55 +0530
Message-ID: <CADM0g8qpC2kEqO-MzkHjQ2PCnOMTFPuWagB_gKdhhYgsxZBV0g@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Okay. The reason I asked for the format is this: for my work, I need the
keytab file to be loaded in my application and since it has to be
protected, I was planning to encode it in, say, Base64 and store it in a
secure server, and retrieve it from there and decode it and use it. But
since the keytab file contains the service principal name and the keys, I
wasn't sure if it is possible to encode such a value.



On Wed, May 10, 2017 at 12:46 AM, Benjamin Kaduk <kaduk@mit.edu> wrote:

> On Wed, May 10, 2017 at 12:20:44AM +0530, Abhishek Kaushik wrote:
> > Thank you for replying.
> >
> > I understood that it is a symmetric key which is shared with the KDC.
> > So, is it in binary format or is there some other format which is used,
> > generally?
>
> The keytab file format is documented at
> http://web.mit.edu/kerberos/krb5-latest/doc/formats/keytab_file_format.html
>
> > And what if (hypothetically) you don't have a password for some user, how is
> > the key generated in such a case?
> > Like you have mentioned that the services only have the raw key..
>
> During provisioning or rekeying, the KDC generates a random key and
> transmits it to the client (over an encrypted connection, of
> course).
>
> -Ben
>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
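
As an added example (not part of the original thread and not MIT krb5 code), the sketch below builds a constructed one-entry keytab following the version-2 layout in the format document linked above, then shows that a Base64 round trip returns the identical bytes, principal name and key included. The function names, the principal and the key bytes are assumptions made for the illustration.

```python
import base64
import struct

def _counted(data):
    return struct.pack(">H", len(data)) + data  # 16-bit length, then the bytes

def build_keytab(realm, components, kvno, enctype, key):
    """Build a constructed version-2 (big-endian) keytab with one entry."""
    entry = struct.pack(">H", len(components)) + _counted(realm.encode())
    for comp in components:
        entry += _counted(comp.encode())
    # name type 1, timestamp 0, 8-bit kvno, enctype, then the counted key
    entry += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + _counted(key)
    return b"\x05\x02" + struct.pack(">i", len(entry)) + entry

def parse_keytab(blob):
    """Return a list of (principal, kvno, enctype, key) tuples."""
    if blob[:2] != b"\x05\x02":
        raise ValueError("not a version-2 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(blob):
        (size,) = struct.unpack_from(">i", blob, pos)
        pos += 4
        if size <= 0:                 # negative length marks a hole; skip it
            pos += -size
            continue
        rec, off = blob[pos:pos + size], 2
        pos += size
        (count,) = struct.unpack_from(">H", rec, 0)
        fields = []
        for _ in range(count + 1):    # realm first, then each component
            (n,) = struct.unpack_from(">H", rec, off)
            fields.append(rec[off + 2:off + 2 + n].decode())
            off += 2 + n
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", rec, off)
        (klen,) = struct.unpack_from(">H", rec, off + 11)
        key = rec[off + 13:off + 13 + klen]
        off += 13 + klen
        if len(rec) - off >= 4:       # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(fields[1:]) + "@" + fields[0], kvno, enctype, key))
    return entries

def roundtrip(blob):
    """Base64-encode for storage, then decode as on retrieval."""
    stored = base64.b64encode(blob).decode("ascii")
    return stored, base64.b64decode(stored, validate=True)

# Constructed sample: HTTP/app.example.com@EXAMPLE.COM, kvno 3, enctype 18 (AES-256)
SAMPLE = build_keytab("EXAMPLE.COM", ["HTTP", "app.example.com"], 3, 18, bytes(range(32)))
```

Base64 is a reversible encoding, so the stored string is exactly as sensitive as the keytab file itself.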