Kerberos

Raimund Sacherer rs at logitravel.com
Thu Jul 16 07:20:04 UTC 2015


Hello Greg, 

> C:\Windows\system32>ktpass -princ HTTP/ad01.example.local at EXAMPLE.LOCAL
> -mapuser aduser -pass P@$$word -ptype KRB5_NT_PRINCIPAL -out
> :\temp\krb5.keytab

For what its worth, we have a couple of servers authenticating against an 2012 domain and we create the key tab file like this:
setspn -A HTTP/service.host.name windowsusername

ktpass -out key.tab -princ HTTP/service.host.name at EXAMPLE.LOCAL -mapUser windowsuser -mapOp set -pass password -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL 


At times we have instead of RC4-HMAC-NT set ALL. 

Hope this helps, 

best


More information about the freebsd-questions mailing list