Creating a keytab for an AD user

Greg Hudson ghudson at
Sun Sep 23 13:13:45 EDT 2018

On 09/23/2018 11:05 AM, Markus Moeller wrote:
>    Is that a known change (i.e. which AD attribute is used instead of the user id)  and can ktutil addent get an option to set the salt ?

I do not know if Active Directory changed.  On the MIT krb5 side, we 
added a -salt option to ktutil addent in release 1.16.  We also have an 
unfinished feature to fetch the salt from the KDC; I can't say if and 
when that work will be completed.

There is also a popular third-party tool called msktutil which may be 
easier to use for this operation.

In the future, please use kerberos at for operational questions 
like this, not the development list.

More information about the krbdev mailing list