To generate a keytab, or to add a principal to an existing keytab, use
the ktadd
command from kadmin
, which requires the
“inquire” administrative privilege. (If you use the -glob
princ_exp option, it also requires the “list” administrative
privilege.) The syntax is:
ktadd [-k[eytab] keytab] [-q] [-e key:salt_list] [principal | -glob princ_exp] [...]
The ktadd
command takes the following switches:
ktadd
will use the
default keytab file (/etc/krb5.keytab
).
ktadd
to display less verbose
information.
list_principals
(see Retrieving a List of Principals) command.
Here is a sample session, using configuration files that enable only des-cbc-crc encryption. (The line beginning with => is a continuation of the previous line.)
kadmin: ktadd host/daffodil.mit.edu@ATHENA.MIT.EDU kadmin: Entry for principal host/daffodil.mit.edu@ATHENA.MIT.EDU with kvno 2, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5.keytab. kadmin:
kadmin: ktadd -k /usr/local/var/krb5kdc/kadmind.keytab => kadmin/admin kadmin/changepw kadmin: Entry for principal kadmin/admin@ATHENA.MIT.EDU with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab. kadmin: