Interoperability with windows 2003 KDC and MIT kerberos V

Douglas E. Engert deengert at
Tue Aug 12 16:41:57 EDT 2003

mings heo wrote:
> I've tested interoperability with windows 2003 KDC and MIT kerberos V.
> when I create linux's service/host account on Windows 2k3,  manually I
> have to make the keytab file on windows and send it to linux.
> I'd like to make generating keytab file on linux automatically without
> making the keytab file manually.

There is the UNIX command Netjoin which is part of the sample code
from Microsoft in the article:
"Interoperability with Microsoft Windows 2000 Active Directory and
Kerberos Services", John Brezak, Microsoft Corporation, February 2000

This is on the Developer's network and at:

(I have not tried this.)

Or you can still create the entry in AD, and use the ktpass command to 
map the principal to the AD account. When you do this you specify a password. 

You can use the MIT "ktutil addent" command with the -password
option to add a key to the keytab. 

The ktpass will also list the key in hex, so you could also use
that with the ktutil addent -key to create the keytab. in case there is
any questrion as to what strig-to-key is being used.  

> please tell me how to do.
> ________________________________________________
> Kerberos mailing list           Kerberos at


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the Kerberos mailing list