How can I export a Kerberos keytab with a given password, so I can use it to authenticate passwordlessly with MIT KfW, while still being able to authenticate with a password elsewhere? If it matters due to enctype issues or something like that, the KDC is MIT.
Thanks
I figured this out myself.
537> /usr/sbin/ktutil
ktutil: add_entry -password -p fahad@CLUENET.ORG -k 1 -e aes256-cts-hmac-sha1-96
Password for fahad@CLUENET.ORG:
ktutil: add_entry -password -p fahad@CLUENET.ORG -k 1 -e aes128-cts-hmac-sha1-96
Password for fahad@CLUENET.ORG:
ktutil: add_entry -password -p fahad@CLUENET.ORG -k 1 -e des3-cbc-sha1
Password for fahad@CLUENET.ORG:
ktutil: add_entry -password -p fahad@CLUENET.ORG -k 1 -e arcfour-hmac-md5
Password for fahad@CLUENET.ORG:
ktutil: add_entry -password -p fahad@CLUENET.ORG -k 1 -e arcfour-hmac-md5-exp
Password for fahad@CLUENET.ORG:
ktutil: add_entry -password -p fahad@CLUENET.ORG -k 1 -e des-cbc-md5
Password for fahad@CLUENET.ORG:
ktutil: add_entry -password -p fahad@CLUENET.ORG -k 1 -e des-cbc-crc
Password for fahad@CLUENET.ORG:
ktutil: write_kt keytab
ktutil:
I exported the keytab in all of the supported enctypes, for maximum compatibility.