Generating the keytab file with the command in the document (ktpass) shows as encryption rc4-hmac

Article ID: 278133


Products

CA API Gateway

Issue/Introduction

Need to generate a keytab file that uses AES256-SHA1 encryption, not rc4-hmac.

The command we followed from the docs:
ktpass -princ http/[email protected] -mapuser <service_userName> -pass <password> -out kerberos.keytab

 

Resolution

ktpass accepts additional parameters that set the encryption type explicitly.

Generate keytab file from AD:

ktpass -out <keytab_name>.keytab -princ http/<gateway_hostname>@<KERBEROS_REALM> -mapUser ADDOMAIN\<service_account> -mapOp set -pass firewall -crypto AES256-SHA1 -pType KRB5_NT_PRINCIPAL