40 lines
810 B
Markdown
40 lines
810 B
Markdown
# How to create a keytab for an user?
|
|
|
|
First obtain Kerberos ticket with kinit:
|
|
|
|
```
|
|
$ kinit myusername@FEDORAPROJECT.ORG
|
|
Password for myusername@FEDORAPROJECT.ORG:
|
|
```
|
|
|
|
Then obtain kvno value:
|
|
|
|
```
|
|
$ kvno myusername@FEDORAPROJECT.ORG
|
|
myusername@FEDORAPROJECT.ORG: kvno = 42
|
|
```
|
|
|
|
Ticket is no longer needed and can be destroyed:
|
|
|
|
```
|
|
$ kdestroy -p myusername@FEDORAPROJECT.ORG
|
|
```
|
|
|
|
Generate keytab and write it to disk:
|
|
|
|
```
|
|
$ ktutil
|
|
ktutil: addent -password -p myusername@FEDORAPROJECT.ORG -k 42 -f
|
|
Password for myusername@FEDORAPROJECT.ORG:
|
|
ktutil: wkt /tmp/kt/fedora
|
|
ktutil: q
|
|
```
|
|
|
|
Done. You can now use the keytab to obtain the ticket without typing password:
|
|
|
|
```
|
|
$ kinit -kt /tmp/kt/fedora myusername@FEDORAPROJECT.ORG
|
|
```
|
|
|
|
|
|
(source: https://pagure.io/fedora-infrastructure/issue/9544#comment-706949)
|