Ktpass Syntax

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

KtPass Syntax

Art Imagektpass  [/outFileName]  [/princUserName]  [/pass {Password|*}]  [/mapuserLocalUserName]  [/mapop {add|set}] [{-|+}desonly]  [/inFileName]  [/crpyto {DES-CBC-CRC|DES-CBC-MD5}]  [/ptype {KRB5_NT_PRINCIPAL|KRB5_NT_SRV_INST|KRB5_NT_SRV_HST}]  [/kvnoKeyVersionNum]  [/ktvnoKeyTabVersion]  [/rawsalt]  [{-|+}dumpsalt]  [{-|+}setupn]  [{-|+}setpassPassword]  [/?|/h|/help]

Parameters

  • /out FileName
    Specifies the name of the Kerberos 5 keytable file to generate. Note
    • This is the keytable you transfer to the UNIX computer and replace or merge with your existing keytable file, /Etc/Krb5.keytab.
  • /princ UserName
    Specifies the principal name in the form user@REALM.
  • /pass{ Password| *}
    Specifies a password for the principal user name specified in the /princ parameter. Use "*" to prompt for a password.
  • /mapuser LocalUserName
    Maps the name of the Kerberos principal specified by the /princ parameter to the specified local user name. By default, Kerberos principals are not mapped to local user names.
  • /mapop{ add| set}
    Specifies how the mapping attribute is set.

    Value Description

    add

    Adds value. This is the default.

    set

    Sets value.

  • { -| +} desonly
    Sets (+) or unsets (-) an account for des-only encryption. Des-only encryption is set by default.
  • /in FileName
    Specifies the keytab to read or digest.
  • /crypto{ DES-CBC-CRC| DES-CBC-MD5]
    Sets the encryption type to use.

    Value Description

    DES-CBC-CRC

    Default

    DES-CBC-MD5

    More MIT-like

  • /ptype{ KRB5_NT_PRINCIPAL| KRB5_NT_SRV_INST| KRB5_NT_SRV_HST}
    Specifies the principal type.

    Value Description

    KRB5_NT_PRINCIPAL

    General ptype (recommended).

    KRB5_NT_SRV_INST

    User service instance.

    KRB5_NT_SRV_HST

    Host service instance.

  • /kvno KeyVersionNum
    Specifies the Key version number. The default value is 1.
  • ****/?| /h| /help
    Displays command-line help for KtPass.

See Also

Concepts

Ktpass Overview
Ktpass Remarks
Alphabetical List of Tools
Xcacls Overview
Sidwkr.dll
Sidwalker Security Administration Tools
Sidwalk Overview
Showaccs Overview
Sdcheck Overview
Ksetup Overview
Getsid Overview
Addiag.exe