I found your post, but the paste you made was gone. You don't happen to
still have that laying around, do you?
On 06/26/2018 07:06 AM, Alexander Bokovoy wrote:
On ti, 26 kesä 2018, Bret Wortman via FreeIPA-users wrote:
> What's the correct way to create a user keytab? I had done this once
> about 3 years ago and got it working, but can't find my notes
> anywhere. I need to be able to do this in a script:
>
> kinit -k admin -t /root/keytab
>
> I've tried various approaches using ktutil and kadmin but haven't had
> any success just yet.
Review archives of this mailing list for last month or so. I've
commented in some other thread. Basically, FreeIPA uses a random salt
for user principals. As result, if you need to create a keytab manually
for a user account, you need to know which salt and kvno value to use
along with the password.
However, ktutil only allows you to specify a salt manually since MIT
Kerberos 1.16. The latter is in Fedora 28 or later but not in RHEL or
CentOS yet.