A keytab is simply a file that stores authentication credentials to help users access remote systems easily.

The file contains Kerberos principals along with encrypted keys. Keep in mind that the keys are automatically generated from the Kerberos password.

Therefore, the encrypted keys will change whenever you change the Kerberos password, and the keytab has to be created again.

How to create a keytab file?

  • Install a Kerberos client.
  • Run the command ktutil in a terminal, and follow the instructions:
  > ktutil
  ktutil:  addent -password -p username@YOUR.DOMAIN.COM -k 1 -e aes256-cts
  Password for username@YOUR.DOMAIN.COM: [enter your password]
  ktutil:  wkt username.keytab
  ktutil:  quit
- In line 2, **aes256-cts** is the encryption algorithm used. You can change it.
- Line 4 writes the keytab file, named after your username.

How to use a keytab file to authenticate scripts?

  > kinit username@YOUR.DOMAIN.COM -k -t username.keytab; myscript

How to list keys in a keytab file?

  > klist -k username.keytab

Outputs:
version_number username@YOUR.DOMAIN.COM
version_number username@YOUR.DOMAIN.COM

How to delete a key from a keytab file?

  > ktutil
  ktutil: read_kt username.keytab
  ktutil: list

  ...
  slot# version# username@YOUR.DOMAIN.COM        version#
  ...

  ktutil: delent slot#
  ktutil: quit

How to merge keytab files?

  > ktutil
  ktutil: read_kt mykeytab1.keytab
  ktutil: read_kt mykeytab2.keytab
  ktutil: read_kt mykeytab3.keytab
  ktutil: read_kt mykeytab4.keytab
  ktutil: write_kt merged.keytab
  ktutil: quit

To verify the merge:

  > klist -k merged.keytab
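
To see which key versions and encryption types ended up in a merged keytab, the file can also be read directly. The following is an added example, not part of the original post: a minimal reader for the MIT keytab format (version 0x0502) that lists each entry and flags deprecated encryption types. The function names and the sample bytes are constructed for illustration.

```python
import struct

# IANA Kerberos enctype numbers; DES, 3DES and RC4 are deprecated (RFC 6649, RFC 8429).
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
            17: "aes128-cts", 18: "aes256-cts", 23: "rc4-hmac"}
WEAK = {1, 3, 16, 23}

def counted(data, p):  # 16-bit length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype number)] for a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative size marks a deleted slot; skip it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(data, p)
            comps.append(comp)
        p += 8                        # skip name type and timestamp
        vno8, etype, klen = struct.unpack_from(">BHH", data, p)
        p += 5 + klen                 # step over the key bytes; never print them
        vno32 = struct.unpack_from(">I", data, p)[0] if end - p >= 4 else 0
        entries.append(("/".join(comps) + "@" + realm, vno32 or vno8, etype))
        pos = end
    return entries

def weak_entries(data):  # entries with a deprecated enctype, by name
    return [(n, v, ENCTYPES.get(e, str(e))) for n, v, e in parse_keytab(data) if e in WEAK]

def build_entry(name, realm, kvno, etype, key):  # constructed sample record
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    body = (struct.pack(">H", 1) + s(realm) + s(name) + struct.pack(">II", 1, 0)
            + struct.pack(">BHH", kvno & 0xFF, etype, len(key)) + key + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

# Constructed sample (dummy all-zero keys): AES entry, a deleted slot, leftover RC4 entry.
SAMPLE = (b"\x05\x02" + build_entry("username", "YOUR.DOMAIN.COM", 1, 18, bytes(32))
          + struct.pack(">i", -4) + bytes(4)
          + build_entry("username", "YOUR.DOMAIN.COM", 1, 23, bytes(16)))
```

On a real file, pass the bytes of `merged.keytab` to `weak_entries`. Since the keys in a keytab stand in for the password, keep the file readable only by the account that uses it.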

Written by

Albert Oplog