Kerberos service principal (SPN) name and keys listed
in the Kerberos keytab file allow services running on the host to
authenticate themselves to the KDC. Before SPNEGO TAI can use Kerberos,
the WebSphere
® Application
Server administrator must setup a Kerberos keytab file on the host
running WebSphere Application
Server.
Important:
- It is important to protect the keytab files and enable them to
be read by authorized product users only.
- Any updates to the Kerberos keytab file using ktutil command
do not affect the Kerberos database. If you change the keys in the
Kerberos keytab file, you must also make the corresponding changes
to the Kerberos database.
The following example shows how to merge the
krbtest.keytab to
krb5.keytab files
using the
ktutil command on an AIX
®, UNIX
®, Linux
®, or z/OS
® operating system:
$ ktutil
ktutil: rkt /etc/krb5/krbtest.keytab
ktutil: wkt /etc/krb5/krb5.keytab
ktutil: q