For a distributed application, it may be important for a server to have a network identity that is distinct from the principal identity it inherits from the user who invokes it or the host on which it runs. The key management facility provides features that enable noninteractive principals to manage their secret keys.
The user interface to the key management facility consist of a few rgy_edit subcommands that enable an administrator to maintain a key table. A remote interface allows users and administrators to maintain key tables on remote machines through the dcecp keytab verbs. A subset of local operations is also available though this interface. These subcommands call the key management API, which consists of several calls with the prefix sec_key_.