29.5.13

Create & merge keytabs


Creating a keytab file

> ktutil ktutil: addent -password -p username@ADS.IU.EDU -k 1 -e rc4-hmac Password for username@ADS.IU.EDU: [enter your password] ktutil: addent -password -p username@ADS.IU.EDU -k 1 -e aes256-cts Password for username@ADS.IU.EDU: [enter your password] ktutil: wkt username.keytab ktutil: quit
arcfour-hmac-md5 is ok for the -e for Samba4 

Deleting a key from a keytab file

If you no longer need a keytab file, delete it immediately. If the keytab contains multiple keys, you can delete specific keys with the ktutil command. You can also use this procedure to remove old versions of a key. An example using MIT Kerberos follows:
> ktutil ktutil: read_kt mykeytab ktutil: list ... slot# version# username@ADS.IU.EDU version# ... ktutil: delent slot#

Merging keytab files

If you have multiple keytab files that need to be in one place, you can merge the keys with the ktutil command. To merge keytab files using MIT Kerberos, use: > ktutil ktutil: read_kt mykeytab-1 ktutil: read_kt mykeytab-2 ktutil: read_kt mykeytab-3 ktutil: write_kt krb5.keytab ktutil: quit