5.2. Exporting Keytab
Once you have created the user account for the application server, use the Ktpass utility to map the SPN account as a trusted host and export the keytab for the server:
- Issue the ktpass command to map the created user as a trusted host and generate the keytab file. The
-princoption defines the service principal that is being mapped to and the-mapuseroption defines the user account being mapped to.ktpass-princ<service principal mapping>-out<target keytab file>-pass*-mapuser<user mapping>Example 5.1. ktpass command
ktpass-princhost/testserver@kerberos.jboss.org-outC:\testeserver.host.keytab-pass*-mapuserKERBEROS\testserver - When prompted, enter the user password.
- Issue the following command to display the available mappings and check if the new mapping is enlisted:
setspn.exe-l<user mapping>Example 5.2. setspn command
setspn.exe-ltestserver
