Subject: ktab + kinit + klist -- Kerberos key and ticket cache management tools
Author: eLDAP
Posted on: 03/12/2013 11:40:35 PM
ktab -- A keytab management tool
ktab allows the user to manage the principal names and service keys stored in a local keytab. A keytab is a host's copy of its own keylist, which is analogous to a user's password.
Syntax
List:
ktab -l [-k <keytab_name>]
Add:
ktab -a <principal_name> [<password>] [-k <keytab_name>]
Delete:
ktab -d <principal_name> [-k <keytab_name>]
Examples:
C:\temp>ktab -a test_user@TEST_REALM.COM -k test_user.keytab
Password for test_user@TEST_REALM.COM:<password>
Done!
Service key for test_user@TEST_REALM.COM is saved in test_user.keytab
C:\temp>ktab -l -k test_user.keytab
Keytab name: C:\temp\test_user.keytab
KVNO Principal
--------------------------------------------------------------------------
1 test_user@TEST_REALM.COM
1 test_user@TEST_REALM.COM
1 test_user@TEST_REALM.COM
1 test_user@TEST_REALM.COM
Note:
If you do not specify a keytab with -k, the keytab name is read from the entry default_keytab_name = FILE:<path-to-file> in the Kerberos configuration file C:\Windows\krb5.ini.
If the keytab name is not specified in the Kerberos configuration file, the name is assumed to be <USER_HOME>\krb5.keytab.
The KDC does not need to authenticate the user while the keytab is being generated.
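The ktab -l listing above prints one row per stored key, so the four identical rows are four separate keys for the same principal; such rows normally differ only in encryption type, which that listing does not show. The following is an added example, not part of the original post or of ktab itself: a minimal Python reader for the version 0x0502 keytab file format that reports KVNO, principal and encryption type for each entry without reading the key bytes. The sample keytab, its all-zero keys and the helper name sample_entry are constructed for the demonstration.

```python
import struct

# Kerberos encryption type numbers (IANA registry); common values only.
ETYPES = {3: "des-cbc-md5", 16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def parse_keytab(data):
    """Return (kvno, principal, enctype name) per entry; key bytes are skipped."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative size marks a deleted entry (hole)
            pos += -size
            continue
        end, p = pos + size, pos
        def counted():                # uint16 length followed by that many bytes
            nonlocal p
            (n,) = struct.unpack_from(">H", data, p)
            p += 2 + n
            return data[p - n:p].decode()
        (ncomp,) = struct.unpack_from(">H", data, p); p += 2
        realm = counted()
        name = "/".join(counted() for _ in range(ncomp))
        p += 8                        # name type (4 bytes) + timestamp (4 bytes)
        kvno, etype, keylen = struct.unpack_from(">BHH", data, p)
        p += 5 + keylen               # step over the key without reading it
        if end - p >= 4:              # optional 32-bit KVNO overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append((kvno, f"{name}@{realm}", ETYPES.get(etype, str(etype))))
        pos = end
    return entries

def sample_entry(name, realm, kvno, etype, key):
    """Build one constructed entry (dummy key bytes) for the demo below."""
    def s(b): return struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 1) + s(realm) + s(name) + struct.pack(">II", 1, 0)
            + struct.pack(">BH", kvno, etype) + s(key))
    return struct.pack(">i", len(body)) + body

# Constructed keytab: one principal, four encryption types, all-zero keys.
SAMPLE = b"\x05\x02" + b"".join(
    sample_entry(b"test_user", b"TEST_REALM.COM", 1, e, bytes(n))
    for e, n in [(18, 32), (17, 16), (16, 24), (23, 16)])

if __name__ == "__main__":
    print(*parse_keytab(SAMPLE), sep="\n")
```

Run against a real keytab by passing the file's bytes to parse_keytab; legacy encryption types such as des-cbc-md5 or rc4-hmac in the output identify keys worth regenerating.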