Create keytab

Access Gateway requires a set of keytab to create the Kerberos service.
In this task we execute commands on the Windows domain controller to create the required keytab file.

1. Return to the Windows domain controller.
2. Open a command prompt.
3. Change directory to the root using a command similar to:
   cd /
4. Execute the setspn command, for example:
   c:\> setspn -s host/gw-iss.idaasgateway.net IDAASGATEWAY\oag checking DC=isaasgateway, DC=net
   Registering ServicePrincipleNames for cn=oag service, CN=Users,DC=idaasgateway,DC=net host/gw-iss.idaasgateway.net Updated object
   c:\>
5. Execute the ktpass command, for example:
   c:\> ktpass /princ host/gw-idiaasgateway.net@IDAASGATEWAY.NET /mapuser oag@idaasgateway.net /out c:\oag.keytab /rndPass /pType KRB5_NT_PRINCIPAL /crypto All Targeting domain controller: . . . Key created Output keytab to oag.keytab: . . . c:\>
   
6. Transfer the generated keytab file to a location accessible to Access Gateway. During the create Kerberos service task this file will need to be accessible to Access Gateway.

Next steps

Add Kerberos service