infra-docs-fpo/modules/howtos/pages/create_keytab.adoc

= How to create a keytab for an user

First obtain Kerberos ticket with kinit:

----
$ kinit myusername@FEDORAPROJECT.ORG
Password for myusername@FEDORAPROJECT.ORG:
----

Then obtain kvno value:

----
$ kvno myusername@FEDORAPROJECT.ORG
myusername@FEDORAPROJECT.ORG: kvno = 42
----

Ticket is no longer needed and can be destroyed:

----
$ kdestroy -p myusername@FEDORAPROJECT.ORG
----

Generate keytab and write it to disk:

----
$ ktutil
ktutil:  addent -password -p myusername@FEDORAPROJECT.ORG -k 42 -f
Password for myusername@FEDORAPROJECT.ORG:
ktutil:  wkt /tmp/kt/fedora
ktutil:  q
----

Done. You can now use the keytab to obtain the ticket without typing password:

----
$ kinit -kt /tmp/kt/fedora myusername@FEDORAPROJECT.ORG
----


(source: https://pagure.io/fedora-infrastructure/issue/9544#comment-706949)