howtos/create_keytab.md

# How to create a keytab for an user?

First obtain Kerberos ticket with kinit:

```
$ kinit myusername@FEDORAPROJECT.ORG
Password for myusername@FEDORAPROJECT.ORG:
```

Then obtain kvno value:

```
$ kvno myusername@FEDORAPROJECT.ORG
myusername@FEDORAPROJECT.ORG: kvno = 42
```

Ticket is no longer needed and can be destroyed:

```
$ kdestroy -p myusername@FEDORAPROJECT.ORG
```

Generate keytab and write it to disk:

```
$ ktutil
ktutil:  addent -password -p myusername@FEDORAPROJECT.ORG -k 42 -f
Password for myusername@FEDORAPROJECT.ORG:
ktutil:  wkt /tmp/kt/fedora
ktutil:  q
```

Done. You can now use the keytab to obtain the ticket without typing password:

```
$ kinit -kt /tmp/kt/fedora myusername@FEDORAPROJECT.ORG
```


(source: https://pagure.io/fedora-infrastructure/issue/9544#comment-706949)
Add doc on how to create a keytab Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr> 2021-03-30 10:12:13 +02:00			`# How to create a keytab for an user?`

			`First obtain Kerberos ticket with kinit:`

			```
			`$ kinit myusername@FEDORAPROJECT.ORG`
			`Password for myusername@FEDORAPROJECT.ORG:`
			```

			`Then obtain kvno value:`

			```
			`$ kvno myusername@FEDORAPROJECT.ORG`
			`myusername@FEDORAPROJECT.ORG: kvno = 42`
			```

			`Ticket is no longer needed and can be destroyed:`

			```
			`$ kdestroy -p myusername@FEDORAPROJECT.ORG`
			```

			`Generate keytab and write it to disk:`

			```
			`$ ktutil`
			`ktutil: addent -password -p myusername@FEDORAPROJECT.ORG -k 42 -f`
			`Password for myusername@FEDORAPROJECT.ORG:`
			`ktutil: wkt /tmp/kt/fedora`
			`ktutil: q`
			```

			`Done. You can now use the keytab to obtain the ticket without typing password:`

			```
			`$ kinit -kt /tmp/kt/fedora myusername@FEDORAPROJECT.ORG`
			```


			`(source: https://pagure.io/fedora-infrastructure/issue/9544#comment-706949)`