Linux/Kerberos

From Omnia

keytab management

A keytab is a file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password). You can use a keytab file to authenticate to various remote systems using Kerberos without entering a password. However, when you change your Kerberos password, you will need to recreate all your keytabs.

Keytab files are commonly used to allow scripts to authenticate automatically using Kerberos, without requiring human interaction or access to a password stored in a plain-text file. The script is then able to use the acquired credentials to access files stored on a remote system.

ref https://servicenow.iu.edu/kb?id=kb_article_view&sysparm_article=KB0024956

List contents

klist -k /etc/krb5.keytab
# or
ktutil
 read_kt /etc/krb5.keytab
 list
 quit

Remove entry

ktutil
 read_kt /etc/krb5.keytab
 list
 delent <#>
 write_kt /etc/krb5.keytab.new
 quit
cp /etc/krb5.keytab.new /etc/krb5.keytab
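What `klist -k`, `ktutil list` and `delent` actually operate on is the keytab's binary layout: a 2-byte version (0x0502), then one size-prefixed entry per principal/key pair. The example below is added here and is not part of the wiki page or of MIT krb5; it parses that layout from a byte string instead of /etc/krb5.keytab, so it runs offline, and then performs the read_kt / delent / write_kt sequence above in code. It also handles one edge case the listing commands hide: an entry deleted in place (by kadmin or `ktutil`'s predecessors) is left in the file as a hole whose size field is negative, and `klist -k` skips it. The principals, timestamp and key bytes are constructed sample data; the field layout and the 32-bit kvno rule are the MIT keytab format. Note that `ktutil write_kt` appends to an existing keytab rather than replacing it, which is why the page writes to krb5.keytab.new and copies it over; `write_keytab` below likewise always produces a fresh file.

```python
"""Read, list and rewrite MIT Kerberos keytab files (format version 0x0502).

Added example (not MIT krb5 code): the same read_kt / list / delent / write_kt
steps as ktutil, performed on an in-memory byte string. Sample data is constructed.
"""
import struct

KEYTAB_VERSION = 0x0502


def _counted(buf, pos):
    """Read a 16-bit big-endian length-prefixed string; return (bytes, new_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n


def _decode_entry(body):
    """Decode one entry body (everything after its 4-byte size field)."""
    (ncomp,) = struct.unpack_from(">H", body, 0)
    realm, pos = _counted(body, 2)
    comps = []
    for _ in range(ncomp):
        comp, pos = _counted(body, pos)
        comps.append(comp)
    name_type, timestamp, vno8 = struct.unpack_from(">IIB", body, pos)
    pos += 9
    enctype, keylen = struct.unpack_from(">HH", body, pos)
    pos += 4
    key = body[pos:pos + keylen]
    pos += keylen
    # A 32-bit kvno trails the key when the entry has room for it; a non-zero
    # value there overrides the legacy 8-bit field (needed once kvno > 255).
    kvno = vno8
    if len(body) - pos >= 4:
        (vno32,) = struct.unpack_from(">I", body, pos)
        if vno32:
            kvno = vno32
    principal = "/".join(c.decode() for c in comps) + "@" + realm.decode()
    return {"principal": principal, "kvno": kvno, "enctype": enctype,
            "timestamp": timestamp, "name_type": name_type, "key": key}


def _encode_entry(e):
    """Inverse of _decode_entry; always writes the trailing 32-bit kvno."""
    name, realm = e["principal"].rsplit("@", 1)
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + struct.pack(">H", len(realm)) + realm.encode()
    for comp in comps:
        body += struct.pack(">H", len(comp)) + comp.encode()
    body += struct.pack(">IIB", e["name_type"], e["timestamp"], e["kvno"] & 0xFF)
    body += struct.pack(">HH", e["enctype"], len(e["key"])) + e["key"]
    body += struct.pack(">I", e["kvno"])
    return struct.pack(">i", len(body)) + body


def parse_keytab(data):
    """Return the live entries in slot order, skipping in-place deletions (holes)."""
    (version,) = struct.unpack_from(">H", data, 0)
    if version != KEYTAB_VERSION:
        raise ValueError("unsupported keytab version 0x%04x" % version)
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:          # negative size: entry deleted in place, skip the hole
            pos += -size
            continue
        entries.append(_decode_entry(data[pos:pos + size]))
        pos += size
    return entries


def write_keytab(entries):
    """Serialise entries into a fresh keytab (write_kt to a new file, no appending)."""
    return struct.pack(">H", KEYTAB_VERSION) + b"".join(map(_encode_entry, entries))


def remove_entry(data, slot):
    """read_kt / delent <slot> / write_kt, with 1-based slot numbers as in `list`."""
    entries = parse_keytab(data)
    if not 1 <= slot <= len(entries):
        raise IndexError("no entry in slot %d" % slot)
    del entries[slot - 1]
    return write_keytab(entries)


def format_list(data):
    """Render entries as ktutil `list -e` does: slot, KVNO, principal, enctype."""
    return ["%4d %4d %s (enctype %d)" % (slot, e["kvno"], e["principal"], e["enctype"])
            for slot, e in enumerate(parse_keytab(data), 1)]


# Constructed sample: one host principal with aes256 (18) and aes128 (17) keys,
# followed by a hole where an older kvno was deleted in place.
SAMPLE_ENTRIES = [
    {"principal": "host/web01.example.com@EXAMPLE.COM", "kvno": 3, "enctype": 18,
     "timestamp": 1700000000, "name_type": 1, "key": bytes(range(32))},
    {"principal": "host/web01.example.com@EXAMPLE.COM", "kvno": 3, "enctype": 17,
     "timestamp": 1700000000, "name_type": 1, "key": bytes(range(16))},
]
_hole_body = _encode_entry({**SAMPLE_ENTRIES[1], "kvno": 2})[4:]
SAMPLE_KEYTAB = write_keytab(SAMPLE_ENTRIES) + struct.pack(">i", -len(_hole_body)) + _hole_body

if __name__ == "__main__":
    print("\n".join(format_list(SAMPLE_KEYTAB)))
    print("after delent 2:")
    print("\n".join(format_list(remove_entry(SAMPLE_KEYTAB, 2))))
```

Running the block lists two slots (the hole is invisible, exactly as with `klist -k`), then one slot after removing entry 2. Because `remove_entry` rebuilds the whole file from the surviving entries, the result contains neither the removed key nor the old hole; copying such a rebuilt file over /etc/krb5.keytab is the same effect the `cp` step above achieves.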