You need to generate the service keytab file on your Kerberos/Active Directory® server in order to configure Kerberos on your library. This is the file you select when configuring Kerberos. See Configuring Kerberos.
These instructions are for generating the service keytab file for use with Microsoft® Active Directory. If you not using Active Directory, refer to your Kerberos vendor for instructions on generating this file.
ktpass -out library.keytab -princ library/ <fqdn of library> @ <realm> +rndPass -ptype KRB5_NT_SRV_HST -crypto RC4-HMAC-NT -mapUser <realm> /computers/ <computer account>
For example:
ktpass -out library.keytab -princ library/delos.dvt.mycompany.com@OURREALM.LOCAL +rndPass -ptype KRB5_NT_SRV_HST -crypto RC4-HMAC-NT -mapUser ourrealm.local/computers/kerbtest
ktpass -out library.keytab -princ library/<fqdn of library>@<realm> +rndPass -ptype KRB5_NT_SRV_HST -crypto AES256-SHA1 -mapUser <realm>/computers/<computer account>
For example:
ktpass -out library.keytab -princ library/delos.dvt.mycompany.com@OURREALM.LOCAL +rndPass -ptype KRB5_NT_SRV_HST -crypto AES256-SHA1 -mapUser ourrealm.local/computers/kerbtest
See also: