Does anyone know how to do this with the AD adkeytab command?
Step 8 requires adding more than one principal to the same keytab.
An example of how to add a service principal to a keytab:
denver # /usr/sbin/kadmin
kadmin: ktadd firstname.lastname@example.org@EXAMPLE.COM
kadmin: Entry for principal email@example.com@EXAMPLE.COM with kvno 2, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/krb5.keytab.
kadmin: quit
Yes. However, we use adkeytab from Centrify. Here is a blog on this (he used adkeytab to add the SPN and ktutil to merge, with no detailed steps).
To add a new keytab you can use ktpass in AD-Kerberos with the following syntax:
ktpass -out <keytabname>.keytab -princ <principal name> -pass <password> -mapuser <user_to_map_in_AD> -mapop set -crypto All -ptype KRB5_NT_PRINCIPAL
Here is how you can add multiple principals to the same keytab. Go to kadmin or kadmin.local and then run:
kadmin: xst -norandkey -k <desired keytab file name> principal1/<host fully qualified domain name> principal2/fully.qualified.domain.name
You can also use the ktadd command to add a principal to an existing keytab. Please see the following link.
ktadd -k <your keytab file that contains one keytab already> principal