[Freeipa-users] Re: Creating a user keytab

On ti, 26 kesä 2018, Bret Wortman via FreeIPA-users wrote: > What's the correct way to create a user keytab? I had done this once > about 3 years ago and got it working, but can't find my notes > anywhere. I need to be able to do this in a script: > >    kinit -k admin -t /root/keytab > > I've tried various approaches using ktutil and kadmin but haven't had > any success just yet. Review archives of this mailing list for last month or so. I've commented in some other thread. Basically, FreeIPA uses a random salt for user principals. As result, if you need to create a keytab manually for a user account, you need to know which salt and kvno value to use along with the password. However, ktutil only allows you to specify a salt manually since MIT Kerberos 1.16. The latter is in Fedora 28 or later but not in RHEL or CentOS yet.