Active Directory – generate keytab file for non-Windows hosts

The ktpass command-line tool lets non-Windows services that support Kerberos authentication use the interoperability features of Active Directory.

A keytab is a file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password). You can use a keytab file to authenticate to various remote systems using Kerberos without entering a password. Because the file stands in for the password, anyone who can read it can authenticate as that principal, so restrict access to it accordingly. When you change your Kerberos password, you will need to recreate all your keytabs.

Example of use:

ktpass -princ HTTP/ws00.local.test@LOCAL.TEST -mapuser service.ws00@LOCAL.TEST -pass strongPassword -ptype KRB5_NT_PRINCIPAL -out c:\temp\krb5.keytab

Documentation:
1. ktpass
