Kerberos - KeyTab (Key Table)

About

All Kerberos server machines need a keytab file to authenticate to the KDC.

A keytab file contains one or more shared secret key.

A service will use a keytab file in much the same way as a user uses his/her password.

Default Location

/etc/krb5.keytab

Operating System

Windows

  • Use the setspn command to map the Kerberos service principal name, HTTP/<host name>, to a Microsoft user account. An example of setspn usage is as follows:
C:\Program Files\Support Tools>
setspn -A HTTP/myappserver.austin.ibm.com myappserver
ktab.exe –k keytab-file-name –a [email protected]

(NB realm name must be specified in capitals).

Linux

To generate a .keytab file for a host computer that is not running the Windows operating system,

  • Connect to the AD domain controller
  • map the principal to the account and set the host principal password with ktpass
ktpass /princ host/[email protected] /mapuser Sample1 /pass MyPas$w0rd /out Sample1.keytab /crypto all /ptype KRB5_NT_PRINCIPAL /mapop set
  • Merge the .keytab file with the /Etc/Krb5.keytab file on a host computer that is not running the Windows operating system.

Documentation / Reference





Discover More
Kerberos - kinit

kinit is an utility that permits to obtain and cache Kerberos ticket-granting tickets. You can then verify that the Kerberos configuration is good and that the authentication is working. kinit...
Kerberos - klist

The klist utility display the entries (tickets,..) in the local credentials cache and key table. With MIT kerberos where: ...
Kerberos - ktab

ktab is a keytab management utility. It manage the principal names and service keys stored in a local key table. windows:
Kerberos - ktpass

Configures the server principal name for the host or service in active directory Domain Services (AD DS) and generates a .keytab file that contains the shared secret key of the service. Generate...
Wna Sso Kerberos Weblogic
OBIEE 11G - SSO Authentication with Windows Native Authentication (WNA)

This article will go through an SSO Authentication with Windows Native Authentication (WNA) and kerberos Weblogic is on a Unix machines A Windows 2000 (or later release) Server domain...



Share this page:
Follow us:
Task Runner