The Kerberos key table manager command (Ktab) allows the product administrator to manage the Kerberos service principal names and keys stored in a local Kerberos keytab file. With the IBM Software Development Kit (SDK) or Sun Java Development Kit (JDK) 1.6 or later, you can use the ktab command to merge two Kerberos keytab files.
To merge the ktab files, you must install Java Development Kit (JDK) Version 1.6 SR3 cumulative fix, which upgrades the JDK to Version 1.6.0_07.
To merge the ktab files, you must install Software Development Kit (SDK) Version 1.6 SR3 cumulative fix, which upgrades the JDK to Version 1.6.0.02.
To merge the ktab files, you must install Java Development Kit (JDK) Version 1.6 SR3 cumulative fix, which upgrades the SDK to Version 1.6.0 Java Technology Edition SR3.
In WebSphere Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server Version 7.0, this function is now deprecated.
SPNEGO Web authentication has taken its place to provide the following enhancements:
$ ktab -help
Usage: java com.ibm.security.krb5.internal.tools.Ktab [options]
Available options:
        -l list the keytab name and entries
        -a <principal_name> [password] add an entry to the keytab
        -d <principal_name> delete an entry from the keytab
        -k <keytab_name> specify keytab name and path with FILE: prefix
        -m <source_keytab_name> <destination_keytab_name> specify merging source keytab file name and destination keytab file name
[root@wssecjibe bin]# ./ktab -m /etc/krb5Host1.keytab /etc/krb5.keytab
Merging keytab files: source=krb5Host1.keytab destination=krb5.keytab
Done!
[root@wssecjibe bin]# ls /etc/krb5.*
/etc/krb5Host1.keytab/etc/krb5.keytab /etc/krb5.keytab
[root@wssecjibe bin]# ./ktab -a HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM ot56prod -k /etc/krb5.keytab
Done!
Service key for principal HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM saved
[root@wssecjibe bin]# ./ktab
KVNO Principal
---- ---------
1    HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM
[root@wssecjibe bin]# ls /etc/krb5.*
/etc/krb5.conf /etc/krb5.keytab
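After a merge such as the ktab -m run above, it is worth confirming that every source entry really landed in the destination keytab. The following is an added example, not part of the original documentation or of the Ktab tool. It assumes the keytab files use the standard MIT version 0x0502 layout, and the principals, helper names and all-zero keys are constructed for illustration.

```python
import struct

def build_entry(principal, realm, kvno, etype, key):
    """Build one constructed keytab entry for the sample data (dummy key)."""
    comps = principal.split("/")
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:                      # realm first, then name components
        body += struct.pack(">H", len(s)) + s.encode()
    # name type, timestamp, 8-bit kvno, enctype, key length, key
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

def parse_keytab(data):
    """Return {(principal@REALM, kvno, enctype)} without exposing key bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = set(), 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                              # negative size = deleted entry (hole)
            pos += -size
            continue
        end, p = pos + size, pos
        (ncomp,) = struct.unpack_from(">H", data, p); p += 2
        names = []
        for _ in range(ncomp + 1):
            (n,) = struct.unpack_from(">H", data, p); p += 2
            names.append(data[p:p + n].decode()); p += n
        p += 8                                     # skip name type and timestamp
        kvno = data[p]; p += 1
        etype, klen = struct.unpack_from(">HH", data, p); p += 4 + klen
        if end - p >= 4:                           # optional 32-bit kvno overrides when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.add(("/".join(names[1:]) + "@" + names[0], kvno, etype))
        pos = end
    return entries

def missing_after_merge(source, destination):
    """Entries present in the source keytab but absent from the merged destination."""
    return parse_keytab(source) - parse_keytab(destination)

# Constructed sample data: hypothetical principals, all-zero dummy keys.
HDR = b"\x05\x02"
E1 = build_entry("HTTP/host1.example.com", "EXAMPLE.COM", 1, 18, bytes(32))
E2 = build_entry("HTTP/host2.example.com", "EXAMPLE.COM", 2, 18, bytes(32))
SOURCE, DEST_BEFORE, DEST_MERGED = HDR + E1, HDR + E2, HDR + E2 + E1

if __name__ == "__main__":
    print("missing before merge:", missing_after_merge(SOURCE, DEST_BEFORE))
    print("missing after merge: ", missing_after_merge(SOURCE, DEST_MERGED))
```

To check real files, pass the bytes read from each keytab (opened in binary mode) to missing_after_merge; an empty set means the destination holds every principal, KVNO and encryption type from the source.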