If you want to configure your UNIX hosts to use a Windows 2000-based server as a Kerberos Key Distribution Center (KDC), you must generate a Kerberos keytab file. You can use the Ktpass utility, which is included with the Microsoft Windows 2000 Resource Kit, to create a keytab file for your UNIX host.
The Ktpass.exe Syntax
The Ktpass utility creates Kerberos keytab files that are used by UNIX Kerberos-based systems to define KDC hosts and user/service mappings.
The syntax for the command is:
ktpass /out filename /princ username [/mapuser] [/in filename] [/crpyto type] [/ptype type] [/keyno keynum] [/?]
After you generate the keytab file, either replace the existing file or merge the new file with the existing /etc/krb5.keytab file.
Generate a UNIX Host Keytab File
To create a UNIX keytab file to permit the UNIX host to authenticate with a Windows 2000-based server, you must create a user in Active Directory in Windows 2000. This user is used by the Kerberos service on the client. Then, generate the keytab file and copy it to the UNIX host.
To generate the host keytab file:
- Start the Active Directory Management tool.
- Right-click the Users folder, point to New, and then click User.
- Type the name of the UNIX host for which you want to add Kerberos support.
- Save the user.
- Start a command prompt, and then type the following command
ktpass -princ host/hostname@NT-DNS-REALM-NAME -mapuser account -pass password -out UNIXmachine.keytab
- hostname is the host's DNS name.
- NT-DNS-REALM-NAME is the Active Directory domain name with which you want to authenticate.
- account is the account that you created in Active Directory.
- password is the password for the account.
- Copy the resulting keytab file to the UNIX host. Use the Ktutil tool to merge this file with the existing configuration file.
Article ID: 324144 - Last Review: November 1, 2006 - Revision: 3.1
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Small Business Server 2000 Standard Edition
|kbhowto kbhowtomaster KB324144|