Stack Overflow
Stack Overflow

Questions tagged [ktpass]

For questions involving the usage of ktpass.exe - Kerberos keytab creation in Windows Active Directory.

ktpass.exe is the command used to create a key table file (keytab) in a Windows Active Directory network. ktpass must be run on either a member server or a domain controller of the Active Directory domain. Note that Keytabs must be created on a Windows Server operating system such as Windows Server 2008, 2012, or 2016. Keytabs cannot be created on a workstation operating system, such as Windows 7, 8 or Windows 10. When running ktpass.exe, the Command-line shell (cmd.exe) must be run under the context of administrator.

Further Reference: Kerberos Keytabs – Explained

13 questions
6
votes
1 answer

Creating a keytab to use with kinit in Windows

I am writing a pGina plugin to get AFS Tokens and a Kerberos TGT from our KDC at login, while writing I noticed a 'feature' of kinit being that it wont let you provide any input unless its from the keyboard, there went my idea of just redirecting…
rolands
  • 312
  • 1
  • 4
  • 14
4
votes
1 answer

What is needed to generate kerberos keytab file on windows?

I was looking for answer to above question on different web sites but in the every case there was how to generate keytab file. I need keytab to get hbase connection which contains kerberos authentication.
Michal Kowalczyk
  • 43
  • 1
  • 1
  • 4
3
votes
2 answers

Kerberos - AES-256 Keytab does not work

Our AD Team is going to disable RC4-HMAC so I have to change our JBoss-applications to AES. I added the aes types to krb5.conf and created new keytabs but that seems to not work. Tests besides the application with kinit show the same results. There…
Spezieh
  • 154
  • 1
  • 2
  • 8
3
votes
1 answer

Kerberos keytab file contains multiple entries

I am trying to authenticate a user for my service using kerberos. I attached SPN to a user using setspn -s HTTP/ . Then I used ktpass command for the above SPN attached user. But the generated keytab file has multiple entries,…
user3106657
  • 95
  • 4
  • 11
3
votes
0 answers

Can I verify the password in a keytab file?

I have a Kerberos keytab file. Is there an easy way to verify that the password contained is the one that I assume? I looked at the file in a hex editor, and, according to the structure described at…
FrankPl
  • 13,205
  • 2
  • 14
  • 40
2
votes
1 answer

Password parameter with special characters

I've looked through a ton of posts on here and across the web about special characters in Powershell, but no matter what I've tried so far my command continues to get caught up on special characters. I'm trying to generate a keytab with the…
Cameron Ezell
  • 81
  • 6
2
votes
2 answers

Kerberos and multiple SPNs

I managed to setup Kerberos authentication for 1 server and is up and running ok. Now I have a project where I have to add another server to Kerberos configuration as follow: 1) AD server 2) server1 where service is running 3) server2 where same…
novak100
  • 1,259
  • 1
  • 12
  • 20
2
votes
1 answer

Purpose of mapuser in ktpass

I just want to find out what the purpose of mapping a user to a service using ktpass is. For example I am on Windows and I run ktpass like this: ktpass -out -princ -mapUser useraccount@domain.com -mapOp add…
dorothy
  • 1,213
  • 5
  • 20
  • 35
1
vote
0 answers

Kerberos keytab file generation error: "Failed to set property 'servicePrincipalName' / Warning: Unable to set SPN mapping data"

I am trying to generate a keytab file for kerberos setup. I keep getting an error "Failed to set property "ServicePrinciplalName."" My call Looks like this: ktpass -out ssowebapp.keytab -princ HTTP/pdx-kerbtest@DEV -COMPANY.LOCAL -mapUser…
Lee Rudd
  • 11
  • 1
1
vote
2 answers

Is the ktpass command disable password authentication

I just have a little question about the ktpass command. I have a user my-test-user with a password myPassword!. I can log in with this account via the username and the password. But when I use the following command to generate a keytab file, I just…
M4kn4sh
  • 540
  • 7
  • 22
1
vote
1 answer

Windows Server 2003 -Ktpass - crypto: enum value 'rc4-hmac' is not known

I'm trying to create a keytab with Ktpass on a Windows Server 2003. Ktpass -princ host/prueba-mail.ejemplo.org@EJEMPLO.ORG -mapuser host -pass password -crypto rc4-hmac -out UNIXhost.keytab I get the following error: crypto: enum value 'rc4-hmac'…
Maria José
  • 87
  • 3
  • 13
0
votes
0 answers

Implementing a Keytab File on Windows Server

I'm currently running Windows Server 2012. We have SQL Server connected to Hadoop, Via an ODBC connector. The connection to Hadoop uses Windows Authentication, via an MIT Kerberos ticket generator program. The tickets only last for 24 hours, so it's…
Depth of Field
  • 307
  • 2
  • 16
-1
votes
1 answer

kerberos authentication- functional group

I have some AD users, which are linked to a functional group. My question is how to mention this functional group into keytab command? as per my understanding keytab uses AD username and password. Also is it mandatory to mention password in keytab…
Satish
  • 19
  • 3