Operating Systems: i5/OS

 

Use the ktab command to manage the Kerberos keytab file

 

The Kerberos key table manager command (Ktab) allows the Web administrator to manage the Kerberos service principal names and keys stored in a local Kerberos keytab file. The Kerberos service principal names (SPNs) and keys listed in the Kerberos keytab file allow services running on the host to authenticate themselves to the KDC. Before SPNEGO TAI can use Kerberos, the WebSphere Application Server administrator must set up a Kerberos keytab file on the host running WebSphere Application Server.

The following example shows how Ktab is used on a Linux platform to add a new principal name to the Kerberos keytab file.

[root@wssecjibe bin]# ./ktab -a HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM ot56prod -k /etc/krb5.keytab
Done!
Service key for principal HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM saved


The following example shows how Ktab is used on a Linux platform to list the contents of the Kerberos keytab file.

[root@wssecjibe bin]# ./ktab

        KVNO    Principal
        ----    ---------

        1       HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM

[root@wssecjibe bin]# ls /etc/krb5.*
/etc/krb5.conf 
/etc/krb5.keytab

Note: You can also use the ktutil command from the native Kerberos implementation to manage the Kerberos keytab file.
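
Because the keytab file holds the service's long-term keys, it is worth checking after running ktab that it contains the expected principal and key version and that only its owner can read it. The following Python sketch is an added example, not IBM code: it reproduces the KVNO/Principal listing by parsing the file directly, on the assumption that the keytab is in the MIT-compatible 0x0502 format. The sample entry, its encryption type and its all-zero key are constructed; parse_keytab, loose_permissions and build_entry are hypothetical names.

```python
import os, stat, struct

def parse_keytab(data):
    """List (kvno, principal, enctype) per entry of a format-0x0502 keytab."""
    if data[:2] != b"\x05\x02":  # assumption: MIT-compatible 0x0502 layout
        raise ValueError("not a version 0x0502 keytab")
    def counted(p):  # 16-bit length followed by that many bytes
        (n,) = struct.unpack_from(">H", data, p)
        return data[p + 2:p + 2 + n].decode(), p + 2 + n
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:  # a negative size marks a deleted slot; skip over it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(p)
            comps.append(comp)
        p += 8  # name type (4 bytes) and timestamp (4 bytes)
        kvno = data[p]  # 8-bit key version number
        enctype, keylen = struct.unpack_from(">HH", data, p + 1)
        p += 5 + keylen  # step over the key; it is never returned
        if end - p >= 4:  # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append((kvno, "/".join(comps) + "@" + realm, enctype))
        pos = end
    return entries

def loose_permissions(path):
    """True when group or other has any access to the keytab file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def build_entry(principal, kvno, enctype, key):
    """Constructed sample entry, used only to exercise the parser offline."""
    name, realm = principal.rsplit("@", 1)
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

SPN = "HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM"  # principal from the page
SAMPLE = b"\x05\x02" + build_entry(SPN, 1, 23, bytes(16))  # constructed, all-zero key

if __name__ == "__main__":
    for kvno, principal, enctype in parse_keytab(SAMPLE):
        print(f"{kvno}\t{principal}\tenctype {enctype}")
```

Against a real file, pass the bytes read from /etc/krb5.keytab to parse_keytab and the path to loose_permissions.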


 
