JavaScript must be enabled in order to use this site.
Jan 24, 2020 The keytab file is a binary file, so be sure to transfer it in a way that does not corrupt it. If possible, use SCP or another secure method to transfer the keytab between computers. If you have to use FTP, be sure to issue the bin command from your FTP client before transferring the file. Creating a Kerberos service principal name and keytab file using z/OS KDC: Before Simple and Protected GSS-API Negotiation (SPNEGO) web authentication and Kerberos authentication can be used, the WebSphere Application Server administrator must first create a Kerberos keytab file on the host that is running WebSphere Application Server.
Please enable JavaScript in your browser and refresh the page.
Generate Keytab File Linux
This method of creating a keytab file on Linux uses the ktutil command.
- Kerberos is installed on the Linux host where Spotfire Server is installed.
- The tools ktutil, klist, and kinit are available on the Linux host.
Procedure
- Start the ktutil tool by invoking it from the command line without any arguments. Execute the commands below, replacing <database account name> with the user login name of the Spotfire database account, written in lowercase letters: Note: It is not critical to use the name 'spotfire‐database.keytab' for the keytab file, but the following instructions assume that this name is used.The tool prompts you for the password of the service account.
- Enter the password that you used when creating the Spotfire database account.
- Verify the created keytab by running the klist and kinit utilities: Note: If you change the password of the Kerberos service account, you must re-create the keytab file.Creating and verifying a keytab file for the 'serverdb_user' Spotfire database account in the research.example.com domain:
- Copy the spotfire-database.keytab file to the following Spotfire Server directory: <installation dir>/jdk/jre/lib/security. Note: Because this file contains sensitive information, it must be handled with care. The file must not under any circumstances be readable by unauthorized users.Note: If you change the password of the Kerberos service account, you must re-create the keytab file.
Copyright © TIBCO Software Inc. All rights reserved.
How To Generate Keytab File For Mac Free
Creating a keytab file
![How To Generate Keytab File For Mac How To Generate Keytab File For Mac](https://flylib.com/books/4/395/1/html/2/images/224fig01.jpg)
You can use the same user account for authentication on all nodes of a cluster. To do so, you must create a keytab file containing the service principal name (SPN) for each of these nodes.
To create a keytab file:
- On the domain controller server, create a user account named
control-<your name>
in the Active Directory Users and Computers snap-in. - If you want to use the AES256-SHA1 encryption algorithm, do the following in the Active Directory Users and Computers snap-in:
- Open the properties of the created account.
- On the Account tab, select the This account supports Kerberos AES 256 bit encryption check box.
- Create a keytab file for the user named
control-<your name>
. To do so, run the following command in the command line:C:Windowssystem32ktpass.exe -princ HTTP/<fully qualified domain name (FQDN) of the node with role Control>@<realm Active Directory domain name in uppercase> -mapuser control-<your name>@<realm Active Directory domain name in uppercase> -crypto <encryption type, RC4-HMAC-NT is recommended> -ptype KRB5_NT_PRINCIPAL -pass <user password control-<your name>> -out C:control-<your name>.keytab
Example name of a node:[email protected]
Hindi typing pdf. The SPN of the node with role Control will be added to the created keytab file. - For each node of the cluster, add an SPN entry to the keytab file. To do so, run the following command:
C:Windowssystem32ktpass.exe -princ HTTP/<fully qualified domain name (FQDN) of the node>@<realm Active Directory domain name in uppercase> -mapuser control-<your name>@<realm Active Directory domain name in uppercase> -crypto <encryption type, RC4-HMAC-NT is recommended> -ptype KRB5_NT_PRINCIPAL -pass <user password control-<your name>> -in C:control-<name of the previously created file>.keytab -out C:control-<new name>.keytab -setupn -setpass
A keytab file named
C:control-<new name>.keytab
will be created. This file will contain all added SPNs of cluster nodes.Example: For example, you created a file named control-tmp1.keytab when completing step 3. In this case, to add one more SPN, you must run the following command:C:Windowssystem32ktpass.exe -princ HTTP/<fully qualified domain name (FQDN) of the node>@<realm Active Directory domain name in uppercase> -mapuser control-<your name>@<realm Active Directory domain name in uppercase> -crypto <encryption type, RC4-HMAC-NT is recommended> -ptype KRB5_NT_PRINCIPAL -pass <user password control-<your name>> -in C:control-tmp1.keytab -out C:control-tmp2.keytab -setupn -setpass To add a third SPN, you must run the following command: Yanmar 1300d service manual. C:Windowssystem32ktpass.exe -princ HTTP/<fully qualified domain name (FQDN) of the node>@<realm Active Directory domain name in uppercase> -mapuser control-<your name>@<realm Active Directory domain name in uppercase> -crypto <encryption type, RC4-HMAC-NT is recommended> -ptype KRB5_NT_PRINCIPAL -pass <user password control-<your name>> -in C:control-tmp2.keytab -out C:control-tmp3.keytab -setupn -setpass This will result in the creation of a file named control-tmp3.keytab containing all three added SPNs. |