For Windows Vista only: See Microsoft hotfix KB960830 and use
Ktpass.exe
version
6.0.6001.22331 or later.
2.
Optional: Use the
Setspn
command to assign the Kerberos SPN to the iLO system.
3.
Optional: Use the
Setspn -L <iLO name>
command to view the SPN for the iLO system.
Verify that the
HTTP/myilo.somedomain.net
service is displayed.
Ktpass
Syntax
Ktpass [options]
Description
Ktpass
generates a binary file called the keytab file, which contains pairs of service principal names and
encrypted passwords for Kerberos authentication.
Parameters
+rndPass
Specifies a random password.
-ptype KRB5_NT_SRV_HST
The principal type. Use the host service instance (KRB5_NT_SRV_HST) type.
-princ <principal name>
Specifies the case-sensitive principal name. For example,
HTTP/
myilo.somedomain.net@SOMEDOMAIN.net
.
• The service type must use uppercase letters (
HTTP
).
• The iLO hostname must use lowercase letters (
myilo.somedomain.net
).
• The REALM name must use uppercase letters (
@SOMEDOMAIN.NET
).
-mapuser <user account>
Maps the principal name to the iLO system domain account.
-out <file name>
Specifies the file name for the
.keytab
file.
-crypto <encryption>
Specifies the encryption of the keys generated in the
.keytab
file.
If iLO is configured to use the HighSecurity, FIPS, or SuiteB security state, you must use an AES
Kerberos key type.
kvno
Override key version number.
IMPORTANT:
Do not use this parameter. This option causes the
knvo
in the keytab file to be out of sync with
the
kvno
in Active Directory.
308
Ktpass