PreviousNext

Description

The keytab object represents key tables (usually files) that store server keys (and key version numbers) on hosts. These key tables are manipulated remotely using dced which maintains configuration information about each key table. This information is represented as the attributes on this object. The keys are considered members of the key table container. The names of keytabs are similar to other dced objects, namely:

/.../cell/hosts/hostname/config/keytab/name

A key table has a set of keys. Each key contains a principal name, type, version, and value. The value can be created and changed, but is never shown on output. Removal of a key is based on the name, type and version number. The dcecp syntax of a key is a list of principal name, type (which is either plain or des), version (a non-negative integer), and value. The value of a des key is 64 bits long and can be represented in dcecp as extended registry attributes (ERAs) of type byte (refer to the schema object attributes for details. The value is valid on input but is not displayed on output so that keys are not shown on the screen. For example:

melman des 1 key1
melman plain 3 key2

Multiple keys for the same principal are displayed as separate keys. See the example in the keytab show operation.