[28694] in Kerberos
Question on security of keytab file.
daemon@ATHENA.MIT.EDU (Priya Govindarajan)
Thu Nov 8 15:39:40 2007
To: kerberos@mit.edu
MIME-Version: 1.0
Message-ID: <OF6F96A380.A271D997-ON8725738D.006C0759-8825738D.006DEC7E@us.ibm.com>
From: Priya Govindarajan <govindap@us.ibm.com>
Date: Thu, 8 Nov 2007 12:01:05 -0800
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I understand that the keytab file contains the secret key associated with
the server principal.
The question is while providing support for a service to be a kerberized
service -
what are the security issues/advantages by providing the option for the
user to have individual keytab file (can be different from
/etc/krb5.keytab and holds the key of that particular service) for the
kerberized service Vs using the default keytab file (/etc/krb5.keytab).
Is it necessary to have seperate keytab file for the kerberized service
different from the default keytab file (/etc/krb5.keytab for linux) ? i.e
does it provide any more security that already root only access
/etc/krb5.keytab.
Thanks,
Priya
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
