Kerberos - ktab


ktab is a keytab management utility.

It manage the principal names and service keys stored in a local key table.


Usage: ktab <commands> <options>

Available commands:

-l [-e] [-t]
    list the keytab name and entries. -e with etype, -t with timestamp.
-a <principal name> [<password>] [-n <kvno>] [-append]
    add new key entries to the keytab for the given principal name with
    optional <password>. If a <kvno> is specified, new keys' Key Version
    Numbers equal to the value, otherwise, automatically incrementing
    the Key Version Numbers. If -append is specified, new keys are
    appended to the keytab, otherwise, old keys for the
    same principal are removed.
-d <principal name> [-f] [-e <etype>] [<kvno> | all | old]
    delete key entries from the keytab for the specified principal. If
    <kvno> is specified, delete keys whose Key Version Numbers match
    kvno. If "all" is specified, delete all keys. If "old" is specified,
    delete all keys except those with the highest kvno. Default action
    is "all". If <etype> is specified, only keys of this encryption type
    are deleted. <etype> should be specified as the numberic value etype
    defined in RFC 3961, section 8. A prompt to confirm the deletion is
    displayed unless -f is specified.

Common option(s):

-k <keytab name>
    specify keytab name and path with prefix FILE:


  • windows:
where ktab

Discover More
Kerberos - KeyTab (Key Table)

All Kerberos server machines need a keytab file to authenticate to the KDC. A keytab file contains one or more shared secret key. A service will use a keytab file in much the same way as a user uses...
Kerberos - Windows

Kerberos management on Windows - installation and configuration The following tools obtain, list, and manage Kerberos tickets on Windows: kinit: You use the kinit tool and its options to...

Share this page:
Follow us:
Task Runner