Copy the file name from the

KEY_TAB_NAME

column in the SPNKeytabFormat.txt file.

The following example creates a keytab file for the nodeuser01 user:

ktpass.exe -out node01.keytab -princ isp/node01/InfaDomain/COMPANY.COM -mapuser nodeuser01 -pass password -crypto all -ptype KRB5_NT_PRINCIPAL

If the domain uses Kerberos cross realm authentication, the principal user account can exist in any Kerberos realm the domain uses.

Copy the keytab file name from the

KEY_TAB_NAME

column in the SPNKeytabFormat.txt file. Copy the service principal name from the

SPN

column in the SPNKeytabFormat.txt file.

The following example creates a keytab file for a Kerberos principal user account named httpuser01:

ktpass.exe -out webapp_http.keytab -princ HTTP/US001DEV.company.com@COMPANY.COM -mapuser httpuser01 -crypto all -ptype KRB5_NT_PRINCIPAL

Structure the value for the -princ option as <principal name>@<KERBEROS REALM>. Include the name of the LDAP configuration for the Active Directory server in the keytab file name. Structure the keytab file name as follows: <Active Directory LDAP configuration_name>.keytab.

The following example creates a keytab file for a service principal user account named ldapuser:

ktpass.exe -out ActiveDirectoryServer1.keytab -princ ldapuser@COMPANY.COM -mapuser ldapuser -crypto all -ptype KRB5_NT_PRINCIPAL