Protecting Keytab Files
The local keytab files must be adequately protected, and they must not be available on the network. As they are used in the default DCE implementation, the keytab files contain
principal keys, which are the basis of DCE security. If these keys are compromised, network security can also be compromised. The calls that access the keytab file use
rpc_c_protect_level_pkt_privacy. This protection level performs a Data Encryption Standard (DES) encryption on the data being passed. The dcecp keytab -noprivacy option allows you
to specify that your site's default protection level should be used instead.
Create a separate individual keytab file for each server principal that runs on each local node. Servers that share the same keytab file can access each other's keys and thus impersonate each
other./krb5/v5srvtab. Protect the keytab files so that they are readable only by root. If you do this, the servers must be started by root in order to read their keytab files and obtain
their key during login.
When you create or change server keys, you can name a different keytab file for each server that runs on the local node. Protect the file so that it is readable only by the server whose key it
contains. Then set the setuid bit for the server file to the server's identity so that the server can access the keytab file and obtain its key.
|