Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Ktpass.exe: Kerberos Keytab Setup
This command-line tool enables an administrator to configure a non-Windows Server 2003 Kerberos service as a security principal in the Windows Server 2003 Active Directory. KtPass configures the server principal name for the host or service in Active Directory and generates an MIT-style Kerberos "keytab" file containing the shared secret key of the service. The tool allows UNIX-based services that support Kerberos authentication to use the interoperability features provided by the Windows Server 2003 Kerberos KDC service.
The keytab output file is used to replace or merge with the MIT Kerberos /Etc/Krb5.keytab file. MIT Kerberos-based services (noninteractive) use the keytab to log on and use Kerberos services.
There is no corresponding user interface for this tool.
Kerberos is an authentication system designed to enable two parties to exchange private information across an otherwise open network. It assigns a unique key, called a ticket, to each user that logs on to the network. The ticket is embedded in messages to identify the sender of the message.
The following are the system requirements for KtPass:
Windows Server 2003
User's membership in the Administrators or Server Operators group on the target computer. Also, both the user account and the server computer must be members of the same domain or reside within trusted domains.