Users Guide
Enabling Kerberos Authentication 149
e
Start a command prompt, and then type the following command:
C:\>ktpass -princ HOST/dracname.domain-
name.com@DOMAIN-NAME.COM -mapuser account -
crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -
pass password -out c:\krbkeytab
where:
•
dracname
is the DRAC 5’s DNS name.
•
domain-name
is the Active Directory domain name with which
you want to authenticate. It should be replaced by the actual
domain name in capital letters.
•
account
is the user name, a valid user account that you created
in Active Directory in step b and step c. It should be provided in
the
domain-name.com/user-name
format.
•
password
is the password for the user account.
•
DES-CBC-MD5
is the encryption type that DRAC 5 uses for
Kerberos authentication.
•
KRB5_NT_PRINCIPAL
is the principal type.
f
Upload the resulting keytab file to the DRAC 5 host.
NOTE: It is recommended that you use the latest ktpass utility to create the
keytab file.
This procedure will produce a keytab file that you should upload to the
DRAC 5.
NOTE: The keytab contains an encryption key and should be kept secure.
For more information on the
ktpass
utility, see the Microsoft website at:
http://technet2.microsoft.com/windowsserver/en/library/64042138-9a5a-
4981-84e9-d576a8db0d051033.mspx?mfr=true