From 8dc5f17b3c795bac15646b6656411ee21c6bb292 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Tue, 30 Mar 2021 10:12:13 +0200 Subject: [PATCH] Add doc on how to create a keytab Signed-off-by: Pierre-Yves Chibon --- create_keytab.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 create_keytab.md diff --git a/create_keytab.md b/create_keytab.md new file mode 100644 index 0000000..2b40c6c --- /dev/null +++ b/create_keytab.md @@ -0,0 +1,40 @@ +# How to create a keytab for an user? + +First obtain Kerberos ticket with kinit: + +``` +$ kinit myusername@FEDORAPROJECT.ORG +Password for myusername@FEDORAPROJECT.ORG: +``` + +Then obtain kvno value: + +``` +$ kvno myusername@FEDORAPROJECT.ORG +myusername@FEDORAPROJECT.ORG: kvno = 42 +``` + +Ticket is no longer needed and can be destroyed: + +``` +$ kdestroy -p myusername@FEDORAPROJECT.ORG +``` + +Generate keytab and write it to disk: + +``` +$ ktutil +ktutil: addent -password -p myusername@FEDORAPROJECT.ORG -k 42 -f +Password for myusername@FEDORAPROJECT.ORG: +ktutil: wkt /tmp/kt/fedora +ktutil: q +``` + +Done. You can now use the keytab to obtain the ticket without typing password: + +``` +$ kinit -kt /tmp/kt/fedora myusername@FEDORAPROJECT.ORG +``` + + +(source: https://pagure.io/fedora-infrastructure/issue/9544#comment-706949)
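Review bot: In the ktutil step, `wkt /tmp/kt/fedora` writes the keytab under /tmp, and the doc never says to restrict access to the file. Since the closing sentence says the keytab obtains a ticket without typing the password, the file is as sensitive as the password itself. Suggest writing it to a directory only the user can read (for example under the home directory), adding a `chmod 600` step on the resulting file, and stating in the text that the keytab must be protected like a password. The doc also never creates the `/tmp/kt` directory, so the `wkt` step fails on a fresh machine. The `-k 42` in the `addent` line should be described as the value returned by the preceding `kvno` step rather than left as a literal. The heading should read "a user" rather than "an user".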