Node:Adding Principals to Keytabs, Next:Removing Principals from Keytabs, Previous:Keytabs, Up:Keytabs
To generate a keytab, or to add a principal to an existing keytab, use
the ktadd command from kadmin, which requires the
"inquire" administrative privilege.  (If you use the -glob
princ_exp option, it also requires the "list" administrative
privilege.)  The syntax is:
     ktadd [-k[eytab] keytab] [-q] [-e
     key:salt_list] [principal | -glob princ_exp]
     [...]
     
The ktadd command takes the following switches:
     
ktadd will use the
default keytab file (/etc/krb5.keytab).
     ktadd to display less verbose
information.
     list_principals (see Retrieving a List of Principals) command. 
Here is a sample session, using configuration files that enable only
des-cbc-crc encryption. (The line beginning with => is a
continuation of the previous line.)
     kadmin: ktadd host/daffodil.mit.edu@ATHENA.MIT.EDU
     kadmin: Entry for principal host/daffodil.mit.edu@ATHENA.MIT.EDU with
          kvno 2, encryption type DES-CBC-CRC added to keytab
          WRFILE:/etc/krb5.keytab.
     kadmin:
     
     kadmin: ktadd -k /usr/local/var/krb5kdc/kadmind.keytab
     => kadmin/admin kadmin/changepw
     kadmin: Entry for principal kadmin/admin@ATHENA.MIT.EDU with
          kvno 3, encryption type DES-CBC-CRC added to keytab
          WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
     kadmin: