I am new to Linux keytab file. Any documents for a newbie about what is the function of this file开发者_运维百科 in authentication? Thanks.
regards, George
Ordinarily, one must enter a password to authenticate to Kerberos. The problem with this is when scripts or programs need to authenticate without human interaction. For example, you boot a server in the middle of the night and want all the services to start up without requiring an operator at the console to enter a bunch of passwords.
The keytab file provides this capability. In essence it is one or more entries, each consisting of a Kerberos account name (you will see these referred to as 'principals') and an encrypted value derived from the password. Together these can be used to authenticate to a Kerberos server without human interaction.
The value of this is that it is impossible to know the password from looking at the file. However, anyone with read access to the file can use it to authenticate to the Kerberos server so it is still important to keep the file well-protected and readable only by its owner.
I wasn't able to find a good, generic intro-level reference for keytab files, however many web sites have written their own tutorials for their users. Although these are written toward a specific audience and environment, many provide a good background on the subject. A good starting point to read up on these is Stanford's An Introduction to Keytabs.
精彩评论