Installation Manual
Specifies the case-sensitive principal name. For example,
HTTP/myilo.somedomain.net@SOMEDOMAIN.net.
• The service type must use uppercase letters (HTTP).
• The iLO hostname must use lowercase letters (myilo.somedomain.net).
• The REALM name must use uppercase letters (@SOMEDOMAIN.NET).
-mapuser <user account>
Maps the principal name to the iLO system domain account.
-out <file name>
Specifies the file name for the .keytab file.
kvno
Override key version number.
IMPORTANT: Do not use this parameter. This option causes the knvo in the keytab file to be
out of sync with the kvno in Active Directory.
Example command
Ktpass +rndPass -ptype KRB5_NT_SRV_HST -princ
HTTP/myilo.somedomain.net@SOMEDOMAIN.NET -mapuser myilo$@somedomain.net
-out myilo.keytab
Example output
Targeting domain controller: domaincontroller.example.net
Using legacy password setting method
Successfully mapped HTTP/iloname.example.net to iloname.
WARNING: pType and account type do not match. This might cause problems.
Key created.
Output keytab to myilo.keytab:
Keytab version: 0x502
keysize 69 HTTP/iloname.example.net@EXAMPLE.NET ptype 3
(KRB5 _NT_SRV_HST) vno 3 etype 0x17 (RC4-HMAC) keylength 16
(0x5a5c7c18ae23559acc2 9d95e0524bf23)
The Ktpass command might display a message about not being able to set the UPN. This is
acceptable because iLO is a service, not a user. You might be prompted to confirm the password
change on the computer object. Click OK to close the window and continue creating the keytab
file.
Setspn
Syntax
Setspn [options]
Description
The Setspn displays, modifies, and deletes SPNs.
Parameters
-A <SPN>
Specifies an SPN to add.
-L
Lists the current SPN for a system.
280 Kerberos authentication and Directory services