The post of yours that I located and which looked promising is here, to
save you some searching:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
On 06/26/2018 07:06 AM, Alexander Bokovoy wrote:
On ti, 26 kesä 2018, Bret Wortman via FreeIPA-users wrote:
> What's the correct way to create a user keytab? I had done this once
> about 3 years ago and got it working, but can't find my notes
> anywhere. I need to be able to do this in a script:
>
> kinit -k admin -t /root/keytab
>
> I've tried various approaches using ktutil and kadmin but haven't had
> any success just yet.
Review archives of this mailing list for last month or so. I've
commented in some other thread. Basically, FreeIPA uses a random salt
for user principals. As result, if you need to create a keytab manually
for a user account, you need to know which salt and kvno value to use
along with the password.
However, ktutil only allows you to specify a salt manually since MIT
Kerberos 1.16. The latter is in Fedora 28 or later but not in RHEL or
CentOS yet.