Create keytab

  1. Open a command prompt on the Windows domain controller.
  2. Change to the root directory: cd /
  3. Set the server principal name using a command similar to the following:c:\> setspn -s host/ IDAASGATEWAY\oag
  4. Create a keytab using a ktpass command similar to the following, entering the entire command on one line:c:\> ktpass /princ host/ /mapuser /out c:\oag.keytab /rndPass /pType KRB5_NT_PRINCIPAL /crypto All
  5. Copy the keytab to a location that Access Gateway can access. Access Gateway requires access to the keytab when you create the Kerberos service.