Create keytab

1. Open a command prompt on the Windows domain controller.
2. Change to the root directory: cd /
3. Set the server principal name using a command similar to the following:c:\> setspn -s host/gw-iss.idaasgateway.net IDAASGATEWAY\oag
4. Create a keytab using a ktpass command similar to the following, entering the entire command on one line:c:\> ktpass /princ host/gw-idiaasgateway.net@IDAASGATEWAY.NET /mapuser oag@idaasgateway.net /out c:\oag.keytab /rndPass /pType KRB5_NT_PRINCIPAL /crypto All

5. Copy the keytab to a location that Access Gateway can access. Access Gateway requires access to the keytab when you create the Kerberos service.

Next steps

Add Kerberos service