Created 07-26-2016 02:39 PM
Does anyone know how to do this with the AD adkeytab command?
Step 8 requires adding more than one principal to the same keytab.
Created 07-26-2016 02:56 PM
An example of how to add a service principal to a keytab:
denver # /usr/sbin/kadmin
kadmin: ktadd firstname.lastname@example.org@EXAMPLE.COM
kadmin: Entry for principal email@example.com@EXAMPLE.COM with kvno 2, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/krb5.keytab.
kadmin: quit
Created 07-26-2016 03:25 PM
Thanks Sunile. We got that already. This is for adding two principals in the same keytab using AD, not MIT KDC.
Created 07-26-2016 04:04 PM
Created 07-27-2016 04:53 PM
Yes. However, we use adkeytab from Centrify. Here is a blog on this (he used adkeytab to add the SPN and ktutil to merge, with no detailed steps).
Created 07-28-2016 08:06 PM
Here is an example with ktutil.
Thanks @Laurent Edel
Created 07-27-2016 09:50 AM
To add a new keytab you can use ktpass in AD-Kerberos with the following syntax:
ktpass -out <keytabname>.keytab -princ <principal name> -pass <password> -mapuser <user_to_map_in_AD> -mapop set -crypto All -ptype KRB5_NT_PRINCIPAL
Created 07-27-2016 04:29 PM
Did you use ktutil to merge?
Created 07-27-2016 07:23 PM
Here is how you can add multiple principals to the same keytab. Go to kadmin or kadmin.local and then:
kadmin: xst -norandkey -k <desired keytab file name> principal1/<host fully qualified domain name> principal2/fully.qualified.domain.name
You can also use the ktadd command to add a principal to an existing keytab. Please see the following link.
ktadd -k <your keytab file that contains one keytab already> principal
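An added example, not posted by anyone in this thread: a keytab in file format 0x0502 is a two-byte header followed by independent entries, so putting several principals in one keytab means appending entries, and the result can be audited for principals, kvno and deprecated enctypes such as the DES-CBC-CRC in the kadmin output above. The helper names, principals and key bytes are constructed for the example, and the 0x0502 format is assumed.

```python
import struct

HEADER = b"\x05\x02"  # keytab file format version 0x0502 (assumed here)
NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
DEPRECATED = {1, 2, 3, 23}  # single DES (RFC 6649) and RC4 (RFC 8429)

def _cstr(b):
    return struct.pack(">H", len(b)) + b  # 16-bit length, then the bytes
def _read_cstr(buf, p):
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def make_entry(realm, comps, kvno, enctype, key):  # builds the constructed samples
    body = struct.pack(">H", len(comps)) + b"".join(_cstr(s.encode()) for s in [realm, *comps])
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + _cstr(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

def parse(data):
    """Yield (principal, kvno, enctype, raw_entry) for every live entry."""
    if data[:2] != HEADER:
        raise ValueError("not a version 0x0502 keytab")
    pos = 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos, pos + 4 + abs(size)
        if size <= 0:  # a negative size marks a deleted slot; skip it
            continue
        e = data[start + 4:pos]
        p, parts = 2, []
        for _ in range(1 + struct.unpack_from(">H", e, 0)[0]):  # realm, then components
            s, p = _read_cstr(e, p)
            parts.append(s.decode())
        _type, _time, vno8, etype = struct.unpack_from(">IIBH", e, p)
        _key, p = _read_cstr(e, p + 11)  # skip name type, timestamp, vno8, enctype
        kvno = struct.unpack_from(">I", e, p)[0] if len(e) - p >= 4 else vno8
        yield "/".join(parts[1:]) + "@" + parts[0], kvno, etype, data[start:pos]

def merge(*keytabs):
    """Merged keytab: one header followed by every live entry of each input."""
    return HEADER + b"".join(raw for kt in keytabs for *_, raw in parse(kt))

def audit(data):
    """Per entry: (principal, kvno, enctype name, uses a deprecated enctype)."""
    return [(p, k, NAMES.get(e, str(e)), e in DEPRECATED) for p, k, e, _ in parse(data)]

# Constructed sample data: principals, realm and key bytes are made up.
KT_A = HEADER + make_entry("EXAMPLE.COM", ["HTTP", "node1.example.com"], 2, 1, bytes(8))
KT_B = HEADER + make_entry("EXAMPLE.COM", ["hdfs", "node1.example.com"], 3, 18, bytes(32))
MERGED = merge(KT_A, KT_B)
```

Calling `audit(MERGED)` lists both principals from the single merged file and marks the DES entry as deprecated.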