Create keytab

Access Gateway requires a keytab file to create the Kerberos service.
In this task, we run commands on the Windows domain controller to create the required keytab file.

  1. Return to the Windows domain controller.
  2. Open a command prompt.
  3. Change directory to the root using a command similar to:
    cd /
  4. Execute the setspn command, for example:
    c:\> setspn -s host/gw-iss.idaasgateway.net IDAASGATEWAY\oag
    checking DC=idaasgateway, DC=net
    Registering ServicePrincipalNames for cn=oag service, CN=Users,DC=idaasgateway,DC=net
            host/gw-iss.idaasgateway.net
    Updated object
    c:\>
  5. Execute the ktpass command, for example:
    c:\> ktpass /princ host/gw-iss.idaasgateway.net@IDAASGATEWAY.NET /mapuser oag@idaasgateway.net /out c:\oag.keytab /rndPass /pType KRB5_NT_PRINCIPAL /crypto All
    Targeting domain controller:
    . . . 
    Key created
    Output keytab to oag.keytab:
    . . . 
    c:\> 

  6. Transfer the generated keytab file to a location accessible to Access Gateway. The file must be available to Access Gateway during the create Kerberos service task.
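
Before transferring the file in step 6, the keytab can be checked against the SPN registered in step 4. The following is an added example, not part of the original page or of Access Gateway: a Python parser for the version 0x0502 keytab layout (assumed here to be what ktpass wrote) that lists each entry's principal and key type without exposing key bytes. The names parse_keytab, check_keytab and sample_entry are hypothetical, and sample_entry only builds constructed test data with a dummy key.

```python
import struct

ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}  # Kerberos enctype ids
WEAK = {1, 3, 23}  # single DES and RC4

def _counted(buf, off):  # 16-bit length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        rec, pos = data[pos + 4:pos + 4 + abs(size)], pos + 4 + abs(size)
        if size <= 0:  # a negative length marks a deleted entry
            continue
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        off, names = 2, []
        for _ in range(ncomp + 1):  # realm first, then the name components
            part, off = _counted(rec, off)
            names.append(part.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", rec, off)
        _key, off = _counted(rec, off + 11)  # key bytes are skipped, never shown
        if len(rec) - off >= 4:  # optional 32-bit kvno supersedes the 8-bit one
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
    return entries

def check_keytab(data, expected):
    """Return findings; an empty list means principal and key types look right."""
    findings = []
    for principal, kvno, etype in parse_keytab(data):
        if principal != expected:
            findings.append(f"unexpected principal {principal} (enctype {etype})")
        if etype in WEAK:
            findings.append(f"weak key type {ENCTYPES[etype]} (kvno {kvno})")
    return findings

def sample_entry(principal, kvno, etype, key=b"\x00" * 16):  # constructed data
    name, realm = principal.split("@")
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", name.count("/") + 1) + cs(realm.encode())
    body += b"".join(cs(p.encode()) for p in name.split("/"))
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key)
    return struct.pack(">i", len(body)) + body
```

Run `check_keytab(open("oag.keytab", "rb").read(), "host/gw-iss.idaasgateway.net@IDAASGATEWAY.NET")` on a copy of the file; an empty list means every entry carries the expected principal and no DES or RC4 key. The keytab holds the service account's long-term keys, so handle it like a password during the transfer.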