5.2. Exporting Keytab

Issue the ktpass command to map the created user as a trusted host and generate the keytab file. The -princ option defines the service principal that is being mapped to and the -mapuser option defines the user account being mapped to.

 ktpass -princ <service principal mapping> -out <target keytab file> -pass * -mapuser <user mapping> 

 ktpass -princ host/testserver@kerberos.jboss.org -out C:\testeserver.host.keytab -pass * -mapuser KERBEROS\testserver 

When prompted, enter the user password.

Issue the following command to display the available mappings and check if the new mapping is enlisted:

 setspn.exe -l <user mapping> 

 setspn.exe -l testserver