Create keytab
Access Gateway requires a keytab file to create the Kerberos service.
In this task, we run commands on the Windows domain controller to create the required keytab file.
- Return to the Windows domain controller.
- Open a command prompt.
- Change directory to the root using a command similar to:
    cd /
- Execute the setspn command, for example:
    c:\> setspn -s host/gw-iss.idaasgateway.net IDAASGATEWAY\oag
    checking DC=idaasgateway, DC=net
    Registering ServicePrincipalNames for cn=oag service, CN=Users,DC=idaasgateway,DC=net
        host/gw-iss.idaasgateway.net
    Updated object
    c:\>
- Execute the ktpass command, for example:
    c:\> ktpass /princ host/gw-iss.idaasgateway.net@IDAASGATEWAY.NET /mapuser oag@idaasgateway.net /out c:\oag.keytab /rndPass /pType KRB5_NT_PRINCIPAL /crypto All
    Targeting domain controller: . . .
    Key created
    Output keytab to oag.keytab: . . .
    c:\>
- Transfer the generated keytab file to a location accessible to Access Gateway. The file must be accessible to Access Gateway during the create Kerberos service task.
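Before transferring the file, it is worth confirming that the keytab holds the principal registered with setspn and seeing which encryption types `/crypto All` wrote into it, since that option includes DES and RC4 keys alongside AES. The following is an added example, not part of the original procedure or Okta's code: it assumes the version 0x0502 keytab layout, and `sample_entry` is a hypothetical helper that builds constructed entries with dummy key bytes.

```python
import struct

# Enctype numbers (Kerberos IANA registry) that are deprecated: DES and RC4.
WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}

def _counted(buf, off):
    """Read a uint16 length-prefixed byte string; return (value, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] for a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos, end = pos + 4, pos + 4 + abs(size)
        if end > len(data):
            raise ValueError("truncated keytab entry")
        if size > 0:                       # size <= 0 marks a deleted slot
            (ncomp,) = struct.unpack_from(">H", data, pos)
            realm, off = _counted(data, pos + 2)
            parts = []
            for _ in range(ncomp):
                comp, off = _counted(data, off)
                parts.append(comp.decode())
            # Skip name_type and timestamp (4 bytes each), then 8-bit kvno, enctype.
            kvno, etype = struct.unpack_from(">BH", data, off + 8)
            _key, off = _counted(data, off + 11)
            if end - off >= 4:             # optional 32-bit kvno; 0 is padding
                kvno = struct.unpack_from(">I", data, off)[0] or kvno
            entries.append(("/".join(parts) + "@" + realm.decode(), kvno, etype))
        pos = end
    return entries

def audit(data, expected):
    """Return (unexpected principals, weak enctype names) found in the keytab."""
    entries = parse_keytab(data)
    wrong = sorted({p for p, _, _ in entries if p != expected})
    return wrong, sorted({WEAK[e] for _, _, e in entries if e in WEAK})

def sample_entry(etype, kvno=3, key=b"\x00" * 16):
    """Constructed entry for the page's principal; the key is dummy bytes."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(b"IDAASGATEWAY.NET") + s(b"host")
            + s(b"gw-iss.idaasgateway.net") + struct.pack(">IIBH", 1, 0, kvno, etype)
            + s(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body
```

To check a real file, pass the bytes of `oag.keytab` and the principal given to `/princ` to `audit`; the keytab contains the service account's long-term keys, so handle it like a password during the check and the transfer.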