This method of creating a keytab file uses the ktpass command that is included with Microsoft Support Tools.
Procedure
- On a computer with the Microsoft Support Tools installed (it is not necessary to be logged in as a privileged user), execute the following command, replacing <database account name>, <REALM>, <crypto algorithm>, and <database account password> with the appropriate values. <crypto algorithm> can be one of aes128-sha1 or aes256-sha1. Make sure that the selected crypto algorithm is also specified in the krb5.conf file.
Note: All values are case sensitive.
> ktpass /princ <database account name>@<REALM> /ptype krb5_nt_principal /crypto <crypto algorithm> /out spotfire-database.keytab -kvno 0 /pass <database account password>
Note: It is not critical to use the name "spotfire-database.keytab" for the keytab file, but the following instructions assume that this name is used.
Example of creating a keytab file for the Spotfire database account named "spotuser" in the research.example.com domain:
> ktpass /princ spotuser@RESEARCH.EXAMPLE.COM /ptype krb5_nt_principal /crypto aes128-sha1 /out spotfire-database.keytab -kvno 0 /pass spotuserpassword
- Copy the spotfire-database.keytab file to the directory <installation dir>\tomcat\spotfire-config (Windows) or <installation dir>/tomcat/spotfire-config (Linux) in Spotfire Server.
Note: Because this file contains sensitive information, it must be handled with care. The file must not under any circumstances be readable by unauthorized users.
Note: If you change the password of the Kerberos service account, you must re-create the keytab file.