The Kerberos key table manager command (Ktab) allows the product administrator to manage the Kerberos service principal names and keys stored in a local Kerberos keytab file. With the IBM Software Development Kit (SDK) or Sun Java Development Kit (JDK) 1.6 or later, you can use the ktab command to merge two Kerberos keytab files.
To merge the ktab files, you must install
Java Development Kit (JDK) Version 1.6 SR3 cumulative fix, which upgrades
the JDK to Version 1.6.0_07.
To merge the ktab
files, you must install Software Development Kit (SDK) Version 1.6
SR3 cumulative fix, which upgrades the JDK to Version 1.6.0.02.
To merge the ktab files, you must install
Java Development Kit (JDK) Version 1.6 SR3 cumulative fix, which upgrades
the SDK to Version 1.6.0 Java Technology Edition SR3.
In WebSphere Application Server Version 6.1, a trust association interceptor (TAI) that uses the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) to securely negotiate and authenticate HTTP requests for secured resources was introduced. In WebSphere Application Server Version 7.0, this function is now deprecated.
SPNEGO Web authentication has taken its place to provide the following enhancements:
$ ktab -help Usage: java com.ibm.security.krb5.internal.tools.Ktab [options] Available options: -l list the keytab name and entries -a <principal_name> [password] add an entry to the keytab -d <principal_name> delete an entry from the keytab -k <keytab_name> specify keytab name and path with FILE: prefix -m <source_keytab_name> <destination_keytab_name> specify merging source keytab file name and destination keytab file name
[root@wssecjibe bin]# ./ktab -m /etc/krb5Host1.conf /etc/krb5.conf Merging keytab files: source=krb5Host1.conf destination=krb5.conf Done! [root@wssecjibe bin]# ls /etc/krb5.* /etc/krb5Host1.conf/etc/krb5.conf /etc/krb5.keytab
[root@wssecjibe bin]# ./ktab -a HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM ot56prod -k /etc/krb5.keytab Done! Service key for principal HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM saved
[root@wssecjibe bin]# ./ktab KVNO Principal ---- --------- 1 HTTP/wssecjibe.austin.ibm.com@WSSEC.AUSTIN.IBM.COM [root@wssecjibe bin]# ls /etc/krb5.* /etc/krb5.conf /etc/krb5.keytab