Create a Keytab File on Windows

A keytab file is required for Kerberos authentication. The keytab file can be created on a Windows system or a UNIX system.

To create the keytab file on Windows

  1. Open a command-prompt window.
  2. Enter the following command:
    ktpass -out output_keytab_location -princ SPN_name -ptype KRB5_NT_PRINCIPAL -mapuser username -pass password
    

The keytab file is created.

For example:

ktpass -out c:\workstation.keytab -princ HTTP/IWAConnectorHostName.idp.com@IDP.COM -ptype KRB5_NT_PRINCIPAL -mapuser testkrb -pass password
Targeting domain controller: winkdc.idp.com
Using legacy password setting method
Successfully mapped HTTP/IWAConnectorHostName.idp.com to testkrb.
Key created.
Output keytab to c:\workstation.keytab:
Keytab version: 0x502
keysize 67 HTTP/IWAConnectorHostName.idp.com@IDP.COM ptype 1 (KRB5_NT_PRINCIPAL) vno 2 etype 0x17 (RC4-HMAC) keylength 16 (0xfd77a26f1f5d61d1fafd67a2d88784c7)
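
The ktpass output above reports the keytab version, the key version number (vno) and the encryption type of the generated key. As an added example (not part of the original documentation), the following Python parses a version 0x502 keytab and flags DES or RC4-HMAC keys such as the etype 0x17 entry shown. The record layout follows the MIT keytab file format; `make_entry`, `SAMPLE` and the `host.idp.com` name are constructed for illustration.

```python
import struct
WEAK_ETYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 0x17: "RC4-HMAC"}

def counted(buf, off):                 # uint16 length prefix, then that many bytes
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise ValueError("field runs past end of entry")
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Parse a version 0x502 keytab into a list of entry dicts."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size marks a deleted slot
            pos -= size
            continue
        if pos + size > len(data):
            raise ValueError("truncated entry")
        rec, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        fields, off = [], 2
        for _ in range(ncomp + 1):     # realm first, then the name components
            field, off = counted(rec, off)
            fields.append(field.decode())
        _ptype, _ts, vno, etype = struct.unpack_from(">IIBH", rec, off)
        key, off = counted(rec, off + 11)
        if len(rec) - off >= 4:        # optional 32-bit vno wins when nonzero
            vno = struct.unpack_from(">I", rec, off)[0] or vno
        entries.append({"principal": "/".join(fields[1:]) + "@" + fields[0],
                        "vno": vno, "etype": etype, "keylength": len(key)})
    return entries

def weak_entries(data):                # entries keyed with single-DES or RC4-HMAC
    return [e for e in parse_keytab(data) if e["etype"] in WEAK_ETYPES]

def make_entry(realm, comps, etype, key, vno=2):   # builds constructed test data
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
            + struct.pack(">IIBH", 1, 0, vno, etype) + s(key))
    return struct.pack(">i", len(body)) + body

SAMPLE = b"\x05\x02" + b"".join(       # constructed: RC4-HMAC and AES256, zeroed keys
    make_entry(b"IDP.COM", [b"HTTP", b"host.idp.com"], t, bytes(n))
    for t, n in ((0x17, 16), (18, 32)))
```

A keytab that contains only flagged entries can be regenerated with the `-crypto` option of ktpass (for example `AES256-SHA1`), provided the mapped account supports that encryption type.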