Creating a keytab for an AD user

Idan Freiberg speidy at
Sun Sep 23 15:37:27 EDT 2018

Microsoft’s utility called ‘ktpass’ and it fetches the salt from KDC.

בתאריך יום א׳, 23 בספט׳ 2018 ב-20:14 מאת Greg Hudson <ghudson at>:

> On 09/23/2018 11:05 AM, Markus Moeller wrote:
> >    Is that a known change (i.e. which AD attribute is used instead of
> the user id)  and can ktutil addent get an option to set the salt ?
> I do not know if Active Directory changed.  On the MIT krb5 side, we
> added a -salt option to ktutil addent in release 1.16.  We also have an
> unfinished feature to fetch the salt from the KDC; I can't say if and
> when that work will be completed.
> There is also a popular third-party tool called msktutil which may be
> easier to use for this operation.
> In the future, please use kerberos at for operational questions
> like this, not the development list.
> _______________________________________________
> krbdev mailing list             krbdev at
Idan Freiberg

GPG FP: 8108 7EC9 806E 4980 75F2  72B3 8AD3 2D04 337B 1F18

More information about the krbdev mailing list