Okay. I may have done this under Fedora before, then. I'll go back and
search the archives.
Thanks, Alexander!
On 06/26/2018 07:06 AM, Alexander Bokovoy wrote:
On ti, 26 kesä 2018, Bret Wortman via FreeIPA-users wrote:
> What's the correct way to create a user keytab? I had done this once
> about 3 years ago and got it working, but can't find my notes
> anywhere. I need to be able to do this in a script:
>
> kinit -k admin -t /root/keytab
>
> I've tried various approaches using ktutil and kadmin but haven't had
> any success just yet.
Review archives of this mailing list for last month or so. I've
commented in some other thread. Basically, FreeIPA uses a random salt
for user principals. As result, if you need to create a keytab manually
for a user account, you need to know which salt and kvno value to use
along with the password.
However, ktutil only allows you to specify a salt manually since MIT
Kerberos 1.16. The latter is in Fedora 28 or later but not in RHEL or
CentOS yet.