Okay.The reason I asked for the format is this : for my work, I need the keytab file to be loaded in my application and since it has to be protected, I was planning to encode it in, say Base64 and store it in a secure server, and retrieve it from there and decode it and use it. But since the keytab file contains the service principal name and the keys, i wasn't sure if it is possible to encode such a value.
On Wed, May 10, 2017 at 12:46 AM, Benjamin Kaduk <ka...@mit.edu> wrote: > On Wed, May 10, 2017 at 12:20:44AM +0530, Abhishek Kaushik wrote: > > Thank you for replying. > > > > I understood that it is a symmetric key which is shared with the KDC. > > So, is it in binary format or is there some other format which is used, > > generally? > > The keytab file format is documented at > http://web.mit.edu/kerberos/krb5-latest/doc/formats/ > keytab_file_format.html > > > And what if(hypothetically) you don't have a password for some user, how > is > > the key generated in such a case? > > Like you have mentioned that the services only have the raw key.. > > During provisioning or rekeying, the KDC generates a random key and > transmits it to the client (over an encrypted connection, of > course). > > -Ben > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
