On Tue, 26 Jun 2018, Bret Wortman via FreeIPA-users wrote:
> What's the correct way to create a user keytab? I had done this once
> about 3 years ago and got it working, but can't find my notes
> anywhere. I need to be able to do this in a script:
>
>   kinit -k admin -t /root/keytab
>
> I've tried various approaches using ktutil and kadmin but haven't had
> any success just yet.

Review the archives of this mailing list for the last month or so. I've
commented in some other thread. Basically, FreeIPA uses a random salt
for user principals. As a result, if you need to create a keytab manually
for a user account, you need to know which salt and kvno value to use
along with the password.

However, ktutil only allows you to specify a salt manually since MIT
Kerberos 1.16. The latter is in Fedora 28 or later but not in RHEL or
CentOS yet.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
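
Added example (not part of the original message and not FreeIPA's own tooling): a shell sketch that reads the salt the KDC advertises from KRB5_TRACE output and prints the matching ktutil (1.16 or later) commands. The trace line format, the realm EXAMPLE.TEST, the sample salt and kvno 1 are assumptions or constructed values; the real kvno has to be supplied by you.

```sh
#!/bin/sh
# Constructed sample of what `KRB5_TRACE=/dev/stderr kinit admin` logs.
# Assumed MIT krb5 trace format:
#   Selected etype info: etype <enctype>, salt "<salt>", params "<params>"
SAMPLE_TRACE='[4242] 1530000000.000001: Sending request to EXAMPLE.TEST
[4242] 1530000000.000002: Selected etype info: etype aes256-cts, salt "Zr4+q]8Lm:2~Wd0k", params ""'

# Print the salt from trace output on stdin (last match wins, because the
# line can repeat once pre-authentication is retried).
salt_from_trace() {
    sed -n 's/.*Selected etype info: etype [^,]*, salt "\(.*\)", params ".*"$/\1/p' |
        tail -n 1
}

# Print the enctype the KDC selected, taken from the same trace line.
etype_from_trace() {
    sed -n 's/.*Selected etype info: etype \([^,]*\), salt ".*/\1/p' | tail -n 1
}

# Print ktutil commands for: principal kvno enctype salt keytab.
# ktutil prompts for the password itself, so it never appears here.
# Conservative check: a random salt may contain characters that ktutil's
# command parser would split or unquote, so refuse those instead of
# writing a keytab whose key silently fails to match.
ktutil_cmds() {
    case $4 in
        ''|*[[:space:]]*|*\"*)
            echo "salt is empty or needs manual quoting for ktutil" >&2
            return 1 ;;
    esac
    printf 'addent -password -p %s -k %s -e %s -s %s\n' "$1" "$2" "$3" "$4"
    printf 'wkt %s\nquit\n' "$5"
}

# Demo on the constructed trace; kvno 1 is a placeholder value.
salt=$(printf '%s\n' "$SAMPLE_TRACE" | salt_from_trace)
etype=$(printf '%s\n' "$SAMPLE_TRACE" | etype_from_trace)
ktutil_cmds 'admin@EXAMPLE.TEST' 1 "$etype" "$salt" /root/keytab
```

A keytab built with the wrong salt or kvno is still written without error; the mismatch only shows up when kinit -k fails, so test the result right away.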