Creating a keytab file

After you create the SPN, you must create a keytab file for the service. The keytab file allows the service to log in without a password. The keytab file must be re-created if the service account password changes.

Procedure

Use the following command to create a keytab file:

ktpass -out krb5.keytab -princ SPN -mapUser username -mapOp set -pass password -pType KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

For example,

ktpass -out krb5.keytab -princ dqm/myserver.mydomain.com@mywindowsdomain.com -mapUser dqmuser@mywindowsdomain -mapOp set -pass password -pType KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT