Node:Extract Host Keytabs for the KDCs, Next:, Previous:Create Host Keys for the Slave KDCs, Up:Install the Slave KDCs

Extract Host Keytabs for the KDCs

Each KDC (including the master) needs a keytab to decrypt tickets. Ideally, you should extract each keytab locally on its own KDC. If this is not feasible, you should use an encrypted session to send them across the network. To extract a keytab on a KDC called, you would execute the following command:

     kadmin: ktadd host/
     kadmin: Entry for principal host/ with
          kvno 1, encryption type DES-CBC-CRC added to keytab

Note that the principal must exist in the Kerberos database in order to extract the keytab.