We now have to extract all the instances which define the services
on each machine. For this we use the ext_srvtab command.
This will create a file which must be copied or moved by secure
means to each Kerberos client's /etc/kerberosIV directory. This
file must be present on each server and client, and is crucial to the
operation of Kerberos.
grunt# ext_srvtab grunt
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Generating 'grunt-new-srvtab'....
Now, this command only generates a temporary file
which must be renamed to srvtab so that all the
server can pick it up. Use the mv command to move it
into place on the original system:
grunt# mv grunt-new-srvtab srvtab
If the file is for a client system, and the network is not
deemed safe, then copy the <client>-new-srvtab to
removable media and transport it by secure physical means. Be
sure to rename it to srvtab in the client's
/etc/kerberosIV directory, and make sure it is mode 600:
grumble# mv grumble-new-srvtab srvtab
grumble# chmod 600 srvtab