Generating the Keytab and Principal on a Linux Server

If you are generating the keytab and principal for a Linux server, follow these steps.

Perform this task on the Kerberos Linux server.

In the examples below, MYREALM is the realm and myhost.myparentdomain.local is the fully qualified domain name of the host for which the principal is generated.

Prerequisites

When you create the keytab and principal on the Kerberos server, make sure that the hostname is in lowercase.

For example, if your machine's hostname is myhost.myparentdomain.local, use myhost.myparentdomain.local when you create the principal and keytab in the KDC.

Procedure

  1. Access the kadmin shell using either the command kadmin or sudo kadmin.local.
  2. From the kadmin shell, run the following command to create the principal.
    addprinc -randkey serviceuser/myhost.myparentdomain.local@MYREALM
  3. From the kadmin shell, run the following command to create the corresponding keytab file.
    xst -norandkey -k chorus.keytab serviceuser/myhost.myparentdomain.local
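
After step 3, the exported keytab can be checked against the lowercase-hostname prerequisite and the expected principal name. The script below is an added example, not part of the original procedure; its function names are hypothetical, and the owner-only permission check is an assumption of this example rather than a requirement stated on this page.

```shell
#!/bin/sh
# Added example: post-checks for the keytab exported in step 3.
# All function names are hypothetical helpers.

# Build the principal name, enforcing the lowercase-FQDN prerequisite.
expected_principal() {  # args: service host realm
    case "$2" in
        *[[:upper:]]*) echo "hostname must be lowercase: $2" >&2; return 1 ;;
        *.*) ;;
        *) echo "hostname is not fully qualified: $2" >&2; return 1 ;;
    esac
    printf '%s/%s@%s\n' "$1" "$2" "$3"
}

# Assumption of this example: a keytab holds long-term keys, so group
# and others must have no access to the file.
keytab_is_private() {  # arg: keytab path
    [ -f "$1" ] || { echo "no such keytab: $1" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Exact match on the principal column of `klist -k` output.
keytab_has_principal() {  # args: keytab path, principal
    klist -k "$1" | awk -v p="$2" '$2 == p { found = 1 } END { exit !found }'
}

check_keytab() {  # args: keytab service host realm
    princ=$(expected_principal "$2" "$3" "$4") || return 1
    keytab_is_private "$1" || { echo "tighten permissions: chmod 600 $1" >&2; return 1; }
    keytab_has_principal "$1" "$princ" || { echo "$princ not in $1" >&2; return 1; }
    echo "OK: $1 contains $princ"
}

# Example call with the values used on this page:
# check_keytab chorus.keytab serviceuser myhost.myparentdomain.local MYREALM
```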