How can you create a keytab for a user account using vastool? For instance, you would like to use Kerberos credentials to automate SSO logins via sshd instead of using SSH keys.
There are a few ways to do this.
The first would require changing the password on the account.
E.g.
# /opt/quest/bin/vastool -u <user> passwd -k /etc/opt/quest/vas/user.keytab
Where /etc/opt/quest/vas/user.keytab is the path where you want the keytab to be stored.
To create a keytab without changing the password on the account:
1. Find out the KVNO of the account by running the following command:
# /opt/quest/bin/vastool -u host/ attrs username msDS-KeyVersionNumber
Note the version number to use in the next step.
2. Manually create the keytab.
# /opt/quest/bin/ktutil -k /etc/opt/quest/vas/username.keytab add -p username@YOURDOMAIN.COM -e arcfour-hmac-md5 -V <KVNONumberfromabove> -w <passwordforaccount>
# /opt/quest/bin/ktutil -k /etc/opt/quest/vas/username.keytab add -p username@YOURDOMAIN.COM -e aes256-cts-hmac-sha1-96 -V <KVNONumberfromabove> -w <passwordforaccount>
# /opt/quest/bin/ktutil -k /etc/opt/quest/vas/username.keytab add -p username@YOURDOMAIN.COM -e aes128-cts-hmac-sha1-96 -V <KVNONumberfromabove> -w <passwordforaccount>
To authenticate using the keytab you created, use the following command:
# /opt/quest/bin/vastool -k <keytab path> kinit <user>
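The following is an added example, not part of the original article or of Quest's tooling: a small Python check that the keytab from step 2 contains all three encryption types for the principal and that each entry carries the KVNO read in step 1. It assumes the keytab is written in the standard Kerberos keytab file format (version 0x0502); the function names parse_keytab and check_keytab are hypothetical.

```python
import struct, sys
# Kerberos enctype numbers for the three -e values used in step 2.
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
            23: "arcfour-hmac-md5"}

def _counted(data, p):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype) per entry; key bytes are never kept."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            part, p = _counted(data, p)
            parts.append(part)
        p += 8                             # skip name type and timestamp
        kvno, etype, klen = struct.unpack_from(">BHH", data, p)
        p += 5 + klen                      # skip the key material
        if end - p >= 4:                   # optional 32-bit KVNO wins if nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm, kvno, etype))
        pos = end
    return entries

def check_keytab(data, principal, kvno):
    """Return problems: a missing enctype, or a KVNO that differs from AD's."""
    mine = [e for e in parse_keytab(data) if e[0] == principal]
    have = {e[2] for e in mine}
    problems = ["missing " + ENCTYPES[n] for n in sorted(ENCTYPES) if n not in have]
    problems += ["enctype %d has KVNO %d, expected %d" % (t, v, kvno)
                 for _, v, t in mine if v != kvno]
    return problems

if __name__ == "__main__" and len(sys.argv) == 4:   # args: KEYTAB PRINCIPAL KVNO
    with open(sys.argv[1], "rb") as f:
        issues = check_keytab(f.read(), sys.argv[2], int(sys.argv[3]))
    print("\n".join(issues) or "keytab OK")
```

A keytab holds the account's long-term keys, so keep the file readable only by the account that uses it.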