All Kerberos server machines need a keytab file to authenticate to the KDC.
A keytab file contains one or more shared secret key.
A service will use a keytab file in much the same way as a user uses his/her password.
/etc/krb5.keytab
C:\Program Files\Support Tools>
setspn -A HTTP/myappserver.austin.ibm.com myappserver
ktab.exe –k keytab-file-name –a [email protected]
(NB realm name must be specified in capitals).
To generate a .keytab file for a host computer that is not running the Windows operating system,
ktpass /princ host/[email protected] /mapuser Sample1 /pass MyPas$w0rd /out Sample1.keytab /crypto all /ptype KRB5_NT_PRINCIPAL /mapop set