다음 절차에 따라 KDC에서 만들어진 Kerberos 키를 가져올 수 있습니다. 그러면 키가 어플라이언스 keytab에 저장됩니다. 이 작업에는 KDC에 대한 로그인 자격 증명이 필요하지 않습니다. 각 등록 정보에 대한 설명은 Kerberos 서비스 등록 정보 및 Kerberos 등록 정보 및 로그를 참조하십시오.
시작하기 전에
Kerberos 영역 만들기(CLI)에 설명된 대로 Kerberos 서비스를 사용으로 설정하고 영역을 설정했으며 KDC를 식별했는지 확인하십시오.
hostname:configuration services kerberos importkeytab (uncommitted)> show Properties: url = (unset) user = (unset) password = (unset)
hostname:configuration services kerberos importkeytab (uncommitted)> set url=http://akbuild1/shares/export/123456/demo.keytab url = http://akbuild1/shares/export/123456/demo.keytab
hostname:configuration services kerberos importkeytab (uncommitted)> set user=myusername user = myusername
hostname:configuration services kerberos importkeytab (uncommitted)> set password=letmein password = (set) hostname:configuration services kerberos importkeytab (uncommitted)> commit Transferred 718 of 718 (100%) . . . done Imported 8 keys.
hostname:configuration services kerberos> show Properties: <status> = online allow_weak_crypto = true Realms: REALM KDC TEST.NET kdc1.us.oracle.com
hostname:configuration services kerberos> select TEST.NET hostname:configuration services kerberos TEST.NET> show Properties: kdcs = kdc1.us.oracle.com Keytab entries: NAME KEYS PRINCIPAL principal-000 4 host/hostname.us.oracle.com@TEST.NET principal-001 4 nfs/hostname.us.oracle.com@TEST.NET
hostname:configuration services kerberos TEST.NET> select principal-001 hostname:configuration services kerberos principal-001> show Properties: name = nfs/hostname.us.oracle.com@TEST.NET Keys: KEY KVNO ENCTYPENO ENCTYPE key-000 28 18 AES-256 CTS mode with 96-bit SHA-1 HMAC key-001 28 17 AES-128 CTS mode with 96-bit SHA-1 HMAC key-002 28 16 Triple DES cbc mode with HMAC/sha1 key-003 28 23 ArcFour with HMAC/md5 key-004 28 24 Exportable ArcFour with HMAC/md5 key-005 28 3 DES cbc mode with RSA-MD5 key-006 28 1 DES cbc mode with CRC-32
열 머리글 범례:
KEY = 키 이름
KVNO = 키 버전 번호
ENCTYPENO = 암호화 유형 번호
ENCTYPE = 암호화 유형
hostname:configuration services kerberos principal-001> select key-003 hostname:configuration services kerberos principal-001 key-003> show Properties: principal = nfs/hostname.us.oracle.com@TEST.NET kvno = 28 enctype = ArcFour with HMAC/md5 enctypeno = 23