Steps as below -
- Run ktutil to launch the command line utility
- Type command -
- addent -password -p $user@$REALM -k 1 -e $encryptionType
Note replace the highlighted keywords -
- $user - Name of the user
- $REALM - Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service
- $encryptionType - Type of Encryption like -
- aes256-cts
- des3-cbc-sha1-kd
- RC4-HMAC
- arcfour-hmac-md5
- des-hmac-sha1
- des-cbc-md5
- , etc.
- You can add one or more entry(s) for different types of encryption.
- When prompted, enter the password for the Kerberos principal user.
- Type the following command to write a keytab file -
- wkt $user.keytab
- Type 'q' to quit the utility.
Verify the keytab is created and has the right User Entry -
- Execute below command -
- klist -ekt $PWD/$user.keytab
Initialize the keytab or generate a ticket-
- Execute below command -
- kinit $user@$REALM -kt $PWD/$user.keytab
Display list of currently cached Kerberos tickets -
- Execute klist
Comments
Post a Comment