Generating the Keytab and Principal on a Windows Server

If you are generating the keytab and principal for a Windows server, follow these steps.

Perform this task on the Kerberos Linux server.

In the examples below, MYREALM is the realm and myhost.myparentdomain.local is the fully qualified domain name of the host specified to generate the principal.

Prerequisites

When you create the keytab and principal on the Kerberos server, make sure that the hostname is in lowercase.

For example, if your machine's hostname is myhost.myparentdomain.local, when you create the principal and keytab in the KDC, use myhost.myparentdomain.local.

Procedure

  1. Create the Team Studio principal.
    setspn.exe -A serviceuser/myhost.myparentdomain.local@MYREALM serviceuser
    setspn.exe -L serviceuser
  2. Create the Team Studio keytab.
    ktpass.exe -princ serviceuser/myhost.myparentdomain.local@MYREALM -out chorus.keytab -crypto all -ptype KRB5_NT_PRINCIPAL -desonly -pass bERGucm!mr -mapuser MYREALM\serviceuser
    

    For example, to create a principal for user johndoe, where the Active Directory hostname is ad.dsts.local and the realm is DSTS.LOCAL, the principal creation command looks like the following example.

    setspn.exe -A chorus/ad.dsts.local@DSTS.LOCAL johndoe
    The keytab creation command looks like the following example.
    ktpass.exe -princ chorus/ad.dsts.local@DSTS.LOCAL -out chorus.keytab -crypto all -ptype KRB5_NT_PRINCIPAL -desonly -pass DSTSIsCool!!2 -mapuser DSTS\johndoe

    where DSTSIsCool!!2 is the johndoe user's password. The chorus.keytab file is created in the directory from which the ktpass.exe command was run.
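
As a check to run after step 2, the following added example (not part of the original procedure or the product's own tooling) parses a keytab, assuming the standard version 0x0502 keytab file layout, and reports principals whose hostname is not lowercase, per the prerequisite above, along with any DES keys. The function names and the SAMPLE bytes are constructed for illustration.

```python
import struct

DES_ENCTYPES = {1, 2, 3}  # des-cbc-crc, des-cbc-md4, des-cbc-md5 (deprecated, RFC 6649)
def counted(data, p):  # counted string: 16-bit big-endian length, then the bytes
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype) per entry of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)
        if size <= 0:                  # negative size marks a deleted entry
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        names, p = [], start + 2
        for _ in range(ncomp + 1):     # realm first, then the name components
            s, p = counted(data, p)
            names.append(s)
        kvno = data[p + 8]             # follows 4-byte name type, 4-byte timestamp
        etype, klen = struct.unpack_from(">HH", data, p + 9)
        p += 13 + klen                 # step over the key bytes without keeping them
        if pos - p >= 4:               # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
    return entries

def audit(entries):  # flags hostnames that are not lowercase, and DES keys
    findings = []
    for princ, _kvno, etype in entries:
        host = princ.rsplit("@", 1)[0].split("/", 1)[-1]
        if host != host.lower():
            findings.append(f"{princ}: hostname is not lowercase")
        if etype in DES_ENCTYPES:
            findings.append(f"{princ}: DES key (enctype {etype})")
    return findings

def build_entry(realm, comps, etype, key, kvno=3):  # constructed sample data only
    body = struct.pack(">H", len(comps))
    body += b"".join(struct.pack(">H", len(s)) + s.encode() for s in (realm, *comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02"  # constructed keytab: one clean entry, one with both problems
          + build_entry("MYREALM", ["serviceuser", "myhost.myparentdomain.local"], 18, bytes(32))
          + build_entry("MYREALM", ["serviceuser", "MyHost.myparentdomain.local"], 3, bytes(8)))
```

To check a real file, pass its bytes to `parse_keytab` (for example the contents of chorus.keytab opened in binary mode) and review what `audit` returns.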